This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # InfluxDB Reflected cross-site-scripting (XSS) vulnerability in v0.9.5 | |
| ## Description | |
| InfluxData provides the leading time series platform to instrument, observe, learn and automate any system, application and business process across a variety of use cases. | |
| Official Website: | |
| https://www.influxdata.com/ | |
| ### Proof of Concept 1 (stored XSS) | |
| From the admin panel, it is possible to inject Malicious JavaScript into the Write Data Module: | |
| ``` | |
| <script>alert("Xss")</script> | |
| ``` | |
| ## Fixes | |
| Upgrade to Latest Version | |
| ## Affected versions | |
| * Versions up to 0.9.5 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment