Skip to content

XSS in DynamicModelChoiceField #12745

New issue
New issue
Closed
#12755
Closed
XSS in DynamicModelChoiceField#12745
#12755
Assignees
kkthxbye-code
Labels
status: acceptedThis issue has been accepted for implementationtype: bugA confirmed report of unexpected behavior in the application
@kkthxbye-code

Description

@kkthxbye-code
kkthxbye-code
opened on May 27, 2023

NetBox version

v3.5.2

Python version

3.10

Steps to Reproduce

  1. Create a tenant group with the name <img src=1 onerror='alert(document.cookie)'/>
  2. Go to the site creation form
  3. Open the tenant group dropdown

Expected Behavior

No XSS

Observed Behavior

The name is not escaped and the browser displays an alert with the cookie. Originally found here: https://github.com/anhdq201/netbox/issues

This probably applies to all DynamicModelChoiceField where the user can set the display value.

The person responsible for that repo chose not to report it. The same report is also duplicated 15 times and one report is invalid (the graphql one).

Metadata

Metadata

Assignees

Labels

status: acceptedThis issue has been accepted for implementationtype: bugA confirmed report of unexpected behavior in the application

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions