Reflected Cross-site scripting via Swagger-UI

Hello Team,

I am webcipher101, a Certified Ethical Hacker.

I found a vulnerability on your website.

Vulnerability Name: Reflected Cross-site scripting

Description: You are using Swagger UI to share API docs. It uses DomPurify, which is vulnerable to insecure input validation, and as a result your domain becomes vulnerable to reflected XSS.

Vulnerable URL: https://www.eclipse.org/vorto/swagger/index.html?configUrl=https://raw.githubusercontent.com/harshbanshpal/testing/main/test.json

Steps to reproduce:

  1. Visit the site: https://www.eclipse.org/vorto/swagger/index.html
  2. Now add any custom URL that contains your XSS payload in JSON format.
  3. For PoC purposes I am using this URL: ?configUrl=https://raw.githubusercontent.com/harshbanshpal/testing/main/test.json
  4. The URL now becomes: https://www.eclipse.org/vorto/swagger/index.html?configUrl=https://raw.githubusercontent.com/harshbanshpal/testing/main/test.json
  5. The XSS payload is executed successfully.
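
A defender-side check for the query parameters the steps above rely on, added here as an example; it is not code from this report, from Eclipse Vorto or from Swagger UI. It assumes Node 18+ (global URL class) and a constructed allowlist; queryConfigEnabled is the Swagger UI 4.1.3+ option that keeps query-string configuration disabled.

```javascript
// Added example (not the report's or Swagger UI's code): refuse off-origin
// configUrl / url values before they ever reach SwaggerUIBundle, and show the
// hardened bootstrap options. Assumes Node 18+; the allowlist is constructed.

const ALLOWED_ORIGINS = ["https://www.eclipse.org"]; // constructed allowlist

// Accepts only https URLs on the page's own origin or an allowlisted origin.
function isAllowedSpecUrl(candidate, pageOrigin, allowed = ALLOWED_ORIGINS) {
  let parsed;
  try {
    parsed = new URL(candidate, pageOrigin); // relative paths resolve to pageOrigin
  } catch (e) {
    return false; // unparsable value: reject
  }
  if (parsed.protocol !== "https:") return false; // blocks http:, javascript:, data:
  return parsed.origin === pageOrigin || allowed.includes(parsed.origin);
}

// Inspects a full page URL and reports, for each Swagger UI query-config
// parameter present, whether the value would be accepted or rejected.
function auditQueryConfig(pageUrl, allowed = ALLOWED_ORIGINS) {
  const page = new URL(pageUrl);
  const verdicts = {};
  for (const key of ["configUrl", "url"]) {
    const value = page.searchParams.get(key);
    if (value === null) continue;
    verdicts[key] = isAllowedSpecUrl(value, page.origin, allowed) ? "accept" : "reject";
  }
  return verdicts;
}

// Options a hardened Swagger UI page would pass to SwaggerUIBundle: a fixed
// same-origin spec path and no query-string overrides at all.
function hardenedSwaggerOptions(specPath) {
  return {
    url: specPath,
    dom_id: "#swagger-ui",
    queryConfigEnabled: false, // Swagger UI >= 4.1.3 option; default is false
  };
}

// Usage: audit the URL quoted in the report.
console.log(auditQueryConfig(
  "https://www.eclipse.org/vorto/swagger/index.html?configUrl=https://raw.githubusercontent.com/harshbanshpal/testing/main/test.json"
));
```

Upgrading Swagger UI to 4.1.3 or later, where query-string configuration is off by default, removes the parameter handling entirely; the allowlist check is for deployments that must keep it enabled.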

Impact: The attacker will steal users' cookies to log in as them, carry out phishing on behalf of the domain, and also spread malware and viruses.

References: https://hackerone.com/reports/1072868 and https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/

Please fix this issue as soon as possible.

Regards, @webcipher101eclipse_xss