
GHSA-jfxf-4frr-9j3q: XSS in various backend modules due to (un)escaping in JS notification module

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/25/2022
Updated: 1/11/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: -

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
neos/neos      composer    >= 3.3, < 5.3.10      5.3.10
neos/neos      composer    >= 7.0.0, < 7.0.9     7.0.9
neos/neos      composer    >= 7.1.0, < 7.1.7     7.1.7
neos/neos      composer    >= 7.2.0, < 7.2.6     7.2.6
neos/neos      composer    >= 7.3.0, < 7.3.4     7.3.4
neos/neos      composer    >= 8.0.0, < 8.0.2     8.0.2

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability lies in client-side notification handling, specifically in how HTML escaping is treated. The advisory states that the JS notification module, which displays flash messages, unescapes content coming from the server before rendering it. That undoes the escaping the backend applied, so any user-controlled string that reaches a flash message (workspace titles, media titles and similar entity names and labels) becomes live markup in the browser of the user who sees the notification. The '_addNotification' function is presumed to be the function that performs the DOM insertion, and the XSS occurs when such input travels through this path and is written as HTML rather than as text. The exact code is not available here, but the pattern matches the common XSS vector in notification systems where server-provided content is rendered as HTML without escaping. Note the precondition from the advisory: exploiting this requires a logged-in user able to set the affected title.
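The following is an added example and not code from Neos or from the advisory. It models the pattern described above: the backend escapes a user-controlled title into a flash message, the browser-side notification module unescapes it and writes the result into an HTML sink, and the hardened variant simply stops unescaping. The function names, the flash-message shape and the one-field stand-in for a DOM element are assumptions made for the example; the workspace title is a constructed sample.

```javascript
// Added example (not Neos code): the unescape-then-innerHTML pattern behind
// the advisory, beside the hardened form. All names below are assumptions.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-escape a string the way a templating layer does before emitting it.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// The kind of helper a notification module might apply to server text,
// believing the text is "just for display". This is the root of the bug.
function unescapeHtml(s) {
  return String(s)
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&');
}

// Minimal stand-in for a DOM element; `html` holds what innerHTML would be.
function createElement() {
  return { html: '' };
}

// Backend side (PHP in Neos, modelled here in JS): build a flash message with
// the user-controlled title escaped, exactly as a well-behaved backend should.
function serverFlashMessage(workspaceTitle) {
  return {
    severity: 'ok',
    message: `Workspace "${escapeHtml(workspaceTitle)}" was created.`,
  };
}

// Vulnerable pattern: unescape the server text, then hand it to an HTML sink.
// The backend's escaping is undone and the title becomes live markup.
function addNotificationVulnerable(flash) {
  const el = createElement();
  el.html = `<div class="notification ${flash.severity}">${unescapeHtml(flash.message)}</div>`;
  return el;
}

// Hardened pattern: the backend already escaped the message, so it is passed
// through untouched; the escaped title renders as literal text.
function addNotificationSafe(flash) {
  const el = createElement();
  el.html = `<div class="notification ${flash.severity}">${flash.message}</div>`;
  return el;
}

// Lists the element tag names a browser would parse from the markup, a quick
// check of whether attacker-supplied text turned into real elements.
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
}

// Constructed sample: a workspace title a logged-in editor could set.
const EVIL_TITLE = '<img src=x onerror=alert(document.domain)>';
const flash = serverFlashMessage(EVIL_TITLE);

console.log('vulnerable:', tagNames(addNotificationVulnerable(flash).html)); // [ 'div', 'img' ]
console.log('hardened:  ', tagNames(addNotificationSafe(flash).html));       // [ 'div' ]
```

The check to take away from this: the server's escaped message contains no `<` at all, so the only way an `img` element can appear is the client-side unescape. When reviewing a notification or toast module, look for any entity-decoding step between the transport and an `innerHTML`, `insertAdjacentHTML` or jQuery `.html()` sink; if plain text is what is wanted, `textContent` with no decoding is the right sink.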


WAF Protection Rules

WAF Rule

The notification module displaying flash messages unescapes HTML coming from the server, resulting in XSS vulnerabilities with various names and labels of entities (e.g. workspace title or media title). This however means you must be a logged in user w
