DOM XSS on http://talks.lystit.com
Low
Lyst
Reported by
gamer7112
Vulnerability Details
Technical details and impact analysis
# Description
DOM XSS can be achieved via a postMessage due to an insecure postMessage handler being registered.
# POC
1. Visit https://gamer7112.com/lyst_1.html
2. Click the link
3. View alert
# Vulnerable Code
Located at http://talks.lystit.com/data-saloon-presentation/plugin/notes/notes.html
```javascript
window.addEventListener('message', function(event) {
  var data = JSON.parse(event.data);
  // No need for updating the notes in case of fragment changes
  if (data.notes !== undefined) {
    if (data.markdown) {
      notes.innerHTML = marked(data.notes);
    } else {
      notes.innerHTML = data.notes;
    }
  }
  silenced = true;
  // Update the note slides
  currentSlide.contentWindow.Reveal.slide(data.indexh, data.indexv, data.indexf);
  nextSlide.contentWindow.Reveal.slide(data.nextindexh, data.nextindexv);
  silenced = false;
}, false);
```
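A hardened version of the handler above, added here as an example; it is not code from the report or from the site. The names `TRUSTED_ORIGIN`, `handleNotesMessage`, `expectedSource` and `sanitizeHtml` are assumptions, as is the choice of the presentation's own origin as the only allowed sender.

```javascript
// Assumption: the notes window should only accept messages from the
// presentation that opened it, served from the same origin.
const TRUSTED_ORIGIN = 'http://talks.lystit.com';

// Returns true if the message was accepted, false if it was rejected.
// notesEl is the element that displays the speaker notes.
function handleNotesMessage(event, notesEl, opts = {}) {
  const trustedOrigin = opts.trustedOrigin || TRUSTED_ORIGIN;

  // 1. Sender check: the original handler never looks at event.origin,
  //    so any page holding a reference to the window could feed it data.
  if (event.origin !== trustedOrigin) return false;
  if (opts.expectedSource && event.source !== opts.expectedSource) return false;

  // 2. Parse defensively: malformed input is dropped instead of throwing.
  if (typeof event.data !== 'string') return false;
  let data;
  try {
    data = JSON.parse(event.data);
  } catch (e) {
    return false;
  }
  if (data === null || typeof data !== 'object') return false;

  // 3. Sink check: plain notes go through textContent, never innerHTML.
  //    Markdown is rendered only through a caller-supplied sanitizer
  //    (hypothetical, e.g. s => DOMPurify.sanitize(marked(s))).
  if (data.notes !== undefined) {
    if (typeof data.notes !== 'string') return false;
    if (data.markdown && typeof opts.sanitizeHtml === 'function') {
      notesEl.innerHTML = opts.sanitizeHtml(data.notes);
    } else {
      notesEl.textContent = data.notes;
    }
  }
  return true;
}

// Browser wiring (sketch): pass window.opener as the expected sender.
// window.addEventListener('message', function (event) {
//   handleNotesMessage(event, notes, { expectedSource: window.opener });
// }, false);
```

The slide indices passed to `Reveal.slide` are left out of this example; they would get the same type validation before use.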
## Impact
XSS allows an attacker to execute arbitrary JavaScript in another user's browser.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$100.00
Weakness
Cross-site Scripting (XSS) - DOM