In this post I will go through CVE-2023-30097: the description, replication of the
vulnerability and POC.
Messenger,
a product of TotalJS, is "a chat application for programmers. Our solution is a small,
fast, and open-source web application that you can customize to fit your needs. Try our
great solution as a communication channel in your company or sell it to your
customers."
The Messenger platform includes:
Real-time messaging.
Supports GitHub flavored markdown.
Supports secret messages.
Full-text search.
Description of the vulnerability
TotalJS messenger commit b6cf1c9 is vulnerable to XSS. The private task field is not
properly sanitized.
Replication of the vulnerability
Log in to the application.
Click on Add a Private task.
Set <script>alert(document.domain)</script> as the task description and save.
The XSS fires whenever the user's info is reflected in a page.
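To show the defect behind these steps from the fixing side, here is an added example (my own illustration, not TotalJS Messenger code): the stored description is put into markup as-is, beside an output-encoded version that renders the same payload as inert text. It assumes a minimal task object and a string-based renderer, and runs under Node.js with no dependencies.

```javascript
// Added example, not code from the TotalJS Messenger project.
// Constructed input: the payload from the replication steps above.
const TASK_PAYLOAD = '<script>alert(document.domain)</script>';

// Minimal HTML entity encoding for text placed in an element body or attribute.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the stored description is concatenated into markup
// unchanged, so whatever the user saved is parsed by the browser when the
// task is displayed.
function renderTaskUnsafe(task) {
  return `<div class="task"><p>${task.description}</p></div>`;
}

// Hardened pattern: encode at the point of output, so the stored text is
// shown literally and never parsed as a tag.
function renderTaskSafe(task) {
  return `<div class="task"><p>${escapeHtml(task.description)}</p></div>`;
}

// Review helper for already-stored data: flags descriptions that contain a
// tag-like sequence so they can be inspected or re-encoded.
function looksLikeMarkup(description) {
  return /<\s*\/?\s*[a-z][^>]*>/i.test(String(description));
}

function demo() {
  const task = { description: TASK_PAYLOAD };
  return {
    unsafe: renderTaskUnsafe(task),
    safe: renderTaskSafe(task),
    flagged: looksLikeMarkup(task.description),
  };
}

console.log(demo());
```

The safe renderer yields `&lt;script&gt;...&lt;/script&gt;` inside the paragraph, which the browser displays as text; the unsafe one yields a live script element.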