In this post I will go through CVE-2023-30096: a description of the vulnerability, the steps to reproduce it, and a proof of concept (PoC).
Messenger, a product of TotalJS, is described by its vendor as "a chat application for programmers. Our solution is a small, fast, and open-source web application that you can customize to fit your needs. Try our great solution as a communication channel in your company or sell it to your customers."
The Messenger platform includes:
Real-time messaging.
Supports GitHub-flavored Markdown.
Supports secret messages.
Full-text search.
Description of the vulnerability
TotalJS Messenger at commit b6cf1c9 is vulnerable to stored cross-site scripting (XSS). The user information fields entered when adding a user are stored and later rendered into the page without being HTML-encoded, so any markup or script placed in them executes in the browser of whoever views that user's information.
Replication of the vulnerability
Log in to the application.
Click on Direct messages.
Click on Add a new user.
Fill every available field with the payload <script>alert(document.domain)</script> and save.
The XSS fires whenever the saved user information is rendered in a page: because it is stored, it triggers for any user who views that information, not only for the one who entered it.