
XSS through "Things --> Adjust fields for things table"

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). On the URL http://localhost:8080/ui/?primaryEnvironmentName=ditto_sandbox, JavaScript code can be executed.

Steps to reproduce:

  • Under Things --> "Adjust fields for things table", enter the following payload into both the "Field Path" and the "Field Label" inputs: <img src=x onerror=alert(772)></img> (see screenshot)
  • The page then renders the entered value as HTML and the JavaScript in the onerror handler executes
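The pattern behind this class of bug, as an added example that is not Ditto's own code: the field label is interpolated verbatim into table markup that later lands in the DOM via innerHTML, so the browser parses the <img> tag and fires its onerror handler. The function names, the data-path attribute and the rendering details are assumptions for illustration; only the payload comes from the report. The hardened variant escapes the HTML-significant characters in both the text and the attribute context before interpolation, which is the standard CWE-79 fix.

```javascript
// Added example, not code from the Eclipse Ditto UI. Names are hypothetical.
// Payload taken from the report above.
const PAYLOAD = '<img src=x onerror=alert(772)></img>';

// Vulnerable: builds a header cell by string concatenation. If the result is
// assigned to innerHTML, the <img> tag in the label is parsed and onerror runs.
// A quote in fieldPath also breaks out of the attribute.
function renderHeaderCellVulnerable(fieldPath, fieldLabel) {
  return `<th data-path="${fieldPath}">${fieldLabel}</th>`;
}

// Escape the five characters that change meaning in HTML text or attribute
// context. Sufficient for quoted attributes and element content; not for
// URLs, JavaScript or CSS contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: every user-controlled value is escaped before interpolation.
// (In a real UI, prefer creating the elements and using textContent /
// setAttribute, which avoids HTML string building altogether.)
function renderHeaderCellSafe(fieldPath, fieldLabel) {
  return `<th data-path="${escapeHtml(fieldPath)}">${escapeHtml(fieldLabel)}</th>`;
}

// Quick check used by the assertions below: does the rendered markup still
// contain the raw <img tag (i.e. would a parser create an element from it)?
function containsRawImgTag(html) {
  return html.includes('<img');
}

// Usage: compare both renderings for the reported payload in both inputs.
const vulnerable = renderHeaderCellVulnerable(PAYLOAD, PAYLOAD);
const safe = renderHeaderCellSafe(PAYLOAD, PAYLOAD);
console.log('vulnerable:', vulnerable, containsRawImgTag(vulnerable));
console.log('safe:      ', safe, containsRawImgTag(safe));
```

The same check applies to whatever actually renders the table: the fix is to stop treating the "Field Path" and "Field Label" values as markup, either by escaping them as above or by setting them through textContent and setAttribute instead of innerHTML.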