Impact
The vulnerability allows malicious users to inject malicious JavaScript via a POST request to /presale/join. User-controlled data is passed with no sanitization to SendGrid and injected into an email that is delivered to the founders@originprotocol.com address. If the email recipient is using an email program that is susceptible to XSS, then that recipient will receive an email that may contain a malicious XSS payload. Regardless of whether the recipient's mail program has vulnerabilities, the attacker can at the very least inject malicious HTML that modifies the body content of the email.
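The pattern described above, next to an escaped form of it, as an added example: this is not Origin Protocol's code or the fix in #617, and the field names, length cap and function names are hypothetical.

```python
import html

# Hypothetical form fields for a sign-up endpoint; not the project's real schema.
FIELDS = ("name", "email", "note")
MAX_LEN = 500  # assumed cap on each value

def body_unsafe(form):
    """The pattern the advisory describes: values interpolated as-is."""
    return "".join(f"<p><b>{k}</b>: {form.get(k, '')}</p>" for k in FIELDS)

def body_html(form):
    """Escape every value so it renders as text, never as markup."""
    rows = []
    for k in FIELDS:
        value = str(form.get(k, ""))[:MAX_LEN]  # truncate before escaping
        rows.append(f"<p><b>{k}</b>: {html.escape(value, quote=True)}</p>")
    return "".join(rows)

def body_text(form):
    """text/plain alternative: collapse whitespace so a value cannot add lines."""
    lines = []
    for k in FIELDS:
        value = " ".join(str(form.get(k, "")).split())[:MAX_LEN]
        lines.append(f"{k}: {value}")
    return "\n".join(lines)

# Constructed sample submission (harmless markup standing in for injected HTML).
SAMPLE = {
    "name": "<h1>Injected heading</h1>",
    "email": "user@example.com",
    "note": "hello\nemail: someone-else@example.com",
}

if __name__ == "__main__":
    print(body_unsafe(SAMPLE))  # markup reaches the recipient's mail client
    print(body_html(SAMPLE))    # markup arrives as visible text
    print(body_text(SAMPLE))    # one line per field, no forged extra lines
```

The escaped HTML body and the plain-text body are meant to be handed to the mail provider as the message's HTML and text parts; the escaping has to happen on the server before the provider is called.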
Patches
Patched in #617.
Workarounds
None.
References
This vulnerability was found using CodeQL (a query contribution by @mrthankyou and @jorgectf).
For more information
Contact security@originprotocol.com.