GHSA-r4v5-rwr2-q7r4

Summary

Vulnerability: Stored DOM Blind XSS via Logs Interface Rendering (Administrative Context Execution)

• Stored Cross-Site Scripting (Blind XSS) via Unsafe Rendering of User-Controlled Logged Data

Description

The application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged data, it is rendered without proper output encoding.

This issue becomes a Blind XSS scenario because the attacker does not see immediate execution. Instead, the payload is stored within application logs and only executes later when an administrator views the logs page.

For example, accessing /backend/backup/restore/xss-payload-here causes an error that gets logged by the application. If the injected portion contains an XSS payload, it is stored inside the logs without sanitization and later rendered unsafely inside the logs management interface.

When an administrator views the logs page, the stored payload executes automatically in the administrative browser context, leading to stored blind cross-site scripting (Blind XSS).

Affected Functionality

• Application logging mechanism
• Logs storage and retrieval logic
• Logs rendering within administrative interface
• Any endpoint that logs unsanitized user-controlled input

Attack Scenario

• An attacker injects a malicious XSS payload into any user-controlled input that is logged by the application.
• Example: Visit /backend/backup/restore/<img src=x onerror=alert(document.domain)>
• The application throws an error and logs the malicious payload.
• The payload is stored within application logs.
• An administrator views the logs interface.
• The payload executes automatically in the administrator’s browser context.

Any method or endpoint that logs user-controlled input without sanitization will result in the same Blind XSS condition when viewed inside logs management.

Impact

• Persistent Stored Blind XSS
• Execution of arbitrary JavaScript in...