You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
It's possible to execute JS on application context by modifying the API query values when saving a template.
To Reproduce
Access to a new dashboard in graphite-web instance (i.e. http://localhost/dashboard). You don't really need data in it.
Use the "Save As Template " feature (In the context menu Dashboard > Save As Template ). Give it a name. <img src=1 onerror=alert(1)>
String to replace <img src=1 onerror=alert(1)>
Use the "Template finder" feature (In the context menu Dashboard > Template finder ). You can see XSS Expected behavior
This can be solved by removing or ignoring requests containing the characters "<" ">" and/or other escaping/scripting characters. -> Sanitize the value before using it.
Screenshots
Environment (please complete the following information):
OS flavor: Debian 11
Graphite-web version 1.1.8
Setup type: docker
The text was updated successfully, but these errors were encountered:
Describe the bug
It's possible to execute JS on application context by modifying the API query values when saving a template.
To Reproduce
Access to a new dashboard in graphite-web instance (i.e. http://localhost/dashboard). You don't really need data in it.
Use the "Save As Template " feature (In the context menu Dashboard > Save As Template ). Give it a name.
<img src=1 onerror=alert(1)>String to replace
<img src=1 onerror=alert(1)>Use the "Template finder" feature (In the context menu Dashboard > Template finder ). You can see XSS
Expected behavior
This can be solved by removing or ignoring requests containing the characters "<" ">" and/or other escaping/scripting characters. -> Sanitize the value before using it.
Screenshots
Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: