Beego patches severe XSS vulnerability in open source web framework

guest · Sep 23, 2021

Beego patches severe XSS vulnerability in open source web framework
Security flaw allowed attackers to gain a foothold into a victim’s network
September 23, 2021
https://portswigger.net/daily-swig/...ss-vulnerability-in-open-source-web-framework

Beego has patched a severe cross-site scripting (XSS) vulnerability that could lead to the compromise of a victim’s session or account.

Beego is an open source framework designed for building and developing applications in the Golang (Go) programming language, including RESTful APIs and backend systems.
The modular web framework includes features for code compilation, automated testing, and both the packing and deployment of Go builds. The Beego project is available on GitHub.
Click to expand...

Last month, application security researcher Omri Inbar, who is also a member of the Checkmarx team, disclosed the XSS vulnerability to Beego.
Tracked as CVE-2021-39391, the bug, of which a CVSS score is yet to be assigned, was found in the administration panel of Beego v2.0.1.
[...]
Blind XSS
This form of attack is known as a blind XSS (a variant of a stored XSS) because the potential victim needs to run a payload before the attacker knows whether or not the code has successfully been executed.
Click to expand...

Cross-site Scripting in Beego

Description
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
References

nvd.nist.gov/vuln/detail/CVE-2021-39391

beego/beego#4727

Click to expand...

Log in or Sign up

Beego patches severe XSS vulnerability in open source web framework

guest Guest

Log in or Sign up

Beego patches severe XSS vulnerability in open source web framework

guest Guest

Useful Searches