CVE-2023-30095
In this post I will go through CVE-2023-30095: the description of the vulnerability, how to replicate it, and a PoC.
Messenger, a TotalJS product, is "a chat application for programmers. Our solution is a small, fast, and open-source web application that you can customize to fit your needs. Try our great solution as a communication channel in your company or sell it to your customers."
The Messenger platform includes:
- Real-time messaging.
- Supports GitHub flavored markdown.
- Supports secret messages.
- Full-text search.
Description of the vulnerability
TotalJS Messenger at commit b6cf1c9 is vulnerable to cross-site scripting (XSS): the channel description field is not properly sanitized, so HTML entered there is rendered as live markup wherever the field is displayed.
Replication of the vulnerability
- Log in to the application.
- Click on Channels.
- Click on Add a new channel.
- Fill all the possible fields with the payload `"><img src=x onerror=alert(document.domain)>` and save.
- The XSS fires whenever the user info is reflected in the page.
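To make the root cause and the fix concrete, here is an added example (my own code, not TotalJS Messenger's) of a minimal server-side template that renders a channel record. The channel object, the template and the helper names (`renderChannelUnsafe`, `renderChannelSafe`, `escapeHtml`, `containsUnexpectedTag`) are all constructed for this illustration; only the payload is taken from the steps above. The unsafe renderer shows why the leading `">` in the payload breaks out of an attribute and turns the `<img>` into live markup, the safe renderer applies output encoding, and the last helper is the kind of check a regression test or code review would use to confirm no unexpected tag survives rendering.

```javascript
// Added example, not TotalJS Messenger code. Channel record as it would come
// back from storage; the description holds the payload from the write-up
// exactly as a user typed it (constructed sample).
const CONSTRUCTED_CHANNEL = {
  name: "dev-chat",
  description: '"><img src=x onerror=alert(document.domain)>',
};

// Vulnerable: untrusted text is concatenated straight into HTML, in both an
// attribute context (title) and an element-body context (span). The leading
// `">` in the payload closes the title attribute, so the <img> tag becomes
// real markup and its onerror handler runs in every visitor's browser.
function renderChannelUnsafe(channel) {
  return (
    `<li class="channel" title="${channel.description}">` +
    `<strong>${channel.name}</strong> ` +
    `<span class="description">${channel.description}</span></li>`
  );
}

// Output encoding: these five characters are the ones that can terminate an
// attribute value or open a tag. Encoding happens on output, not on input, so
// the stored value stays searchable and one helper protects every view.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Fixed: every untrusted interpolation goes through escapeHtml(). The payload
// is still displayed to the reader, but as text rather than as a tag.
function renderChannelSafe(channel) {
  const name = escapeHtml(channel.name);
  const description = escapeHtml(channel.description);
  return (
    `<li class="channel" title="${description}">` +
    `<strong>${name}</strong> ` +
    `<span class="description">${description}</span></li>`
  );
}

// Regression check: does the rendered HTML contain any tag other than the ones
// the template itself emits? For this template the allowed set is li, strong
// and span; anything else means user data escaped its text context.
function containsUnexpectedTag(html, allowed = ["li", "strong", "span"]) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9-]*)/g;
  let match;
  while ((match = tagRe.exec(html)) !== null) {
    if (!allowed.includes(match[1].toLowerCase())) return true;
  }
  return false;
}

if (typeof require !== "undefined" && require.main === module) {
  const unsafe = renderChannelUnsafe(CONSTRUCTED_CHANNEL);
  const safe = renderChannelSafe(CONSTRUCTED_CHANNEL);
  console.log("unsafe:", unsafe);
  console.log("safe:  ", safe);
  console.log("unsafe has injected tag:", containsUnexpectedTag(unsafe));
  console.log("safe has injected tag:  ", containsUnexpectedTag(safe));
}
```

Encoding at the rendering layer is the durable fix here; rejecting `<` on input would only cover this one form of the payload and would break legitimate descriptions. A Content-Security-Policy that disallows inline event handlers is a sensible second layer, since it would stop the `onerror` handler from running even if an encoding gap remained.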