FirstBlood-#762 XSS in vaccine portal
This issue was discovered on FirstBlood v2.0.0 (issues patched)

On 2021-10-28, twsec Level 2 reported:

Hi, after logging into the vaccination manager and entering the portal, we find the uploaded vaccination proofs,

poking around, we don't see much useful stuff to test, but I give the useragent a try for XSS

and it fires,

but unfortunately the cookie is HttpOnly, thus we can't take the cookie, but nevertheless it's a stored XSS and the attacker can do different things with JavaScript.

and this is the payload, nothing fancy, just the old <script>alert(1)

P2 High

Endpoint: useragent

Parameter: useragent

Payload: "><script>alert(1)</script>

FirstBlood ID: 29
Vulnerability Type: Stored XSS

When uploading a vaccine proof, it is possible to achieve stored XSS against admins via the user agent. As this value typically can't be user controlled, the developers did not think it was 'worth' protecting against XSS.
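
The missing control described above, output encoding of the stored user agent when the admin portal renders it, shown as an added example that is not FirstBlood's code. The function names, record fields and markup are assumptions; the sample value is the payload from the report.

```javascript
// Added example: hypothetical admin-portal row renderer (all names are assumptions).
// Request headers such as User-Agent are client-supplied and must be treated as untrusted.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that matter in HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Normalise at ingest: strip control characters and cap the length.
// This limits junk in storage; it is not a substitute for encoding at output.
function normalizeUserAgent(raw) {
  const text = raw == null ? "" : String(raw);
  return text.replace(/[\u0000-\u001f\u007f]/g, "").slice(0, 256);
}

// BEFORE: the stored header value is concatenated straight into the markup.
function renderProofRowUnsafe(proof) {
  return `<tr><td>${proof.file}</td>` +
         `<td><span title="${proof.userAgent}">${proof.userAgent}</span></td></tr>`;
}

// AFTER: every stored field is encoded at the point of output.
function renderProofRowSafe(proof) {
  const ua = escapeHtml(normalizeUserAgent(proof.userAgent));
  return `<tr><td>${escapeHtml(proof.file)}</td>` +
         `<td><span title="${ua}">${ua}</span></td></tr>`;
}

// Check used below: does the rendered HTML contain a live script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample record carrying the payload from the report.
const sampleProof = { file: "proof.jpg", userAgent: '"><script>alert(1)</script>' };

console.log("unsafe:", renderProofRowUnsafe(sampleProof));
console.log("safe:  ", renderProofRowSafe(sampleProof));
```
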