Edoardo Ottavianelli


CVE-2023-30095

Author: Edoardo Ottavianelli
04/05/2023

In this post I will go through CVE-2023-30095: a description of the vulnerability, the steps to replicate it and a POC.

Messenger, a product of TotalJS, is "a chat application for programmers. Our solution is a small, fast, and open-source web application that you can customize to fit your needs. Try our great solution as a communication channel in your company or sell it to your customers."

The Messenger platform includes:
  • Real-time messaging.
  • Supports GitHub flavored markdown.
  • Supports secret messages.
  • Full-text search.


Description of the vulnerability

TotalJS Messenger at commit b6cf1c9 is vulnerable to stored cross-site scripting (XSS). The channel description field is not sanitized or HTML-escaped before it is rendered, so markup saved in a channel's description is stored by the application and executes in the browser whenever the channel information is rendered in the page.

Replication of the vulnerability

  • Log in to the application.
  • Click on Channels.
  • Click on Add a new channel.
  • Fill every available field with the payload " <script>alert(document.domain)</script> and save. The leading double quote closes an HTML attribute if the value is reflected inside one, so the script tag lands in the markup whether the field is rendered as attribute or as text.
  • The XSS fires whenever the channel information is rendered in the page.
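The injection point described above, shown as an added example. This is illustrative JavaScript, not code from TotalJS Messenger: the template shape (a channel card that places the description both in a title attribute and in the body text) is an assumption chosen to show why the payload starts with a double quote, and the sample channel is constructed. The payload is the one used in the steps above. The unsafe renderer reproduces the bug class; the hardened renderer escapes every untrusted value at the output point.

```javascript
// Added example (not TotalJS Messenger code): how an unescaped channel
// description becomes a stored XSS, and the minimal fix. The template shape
// below is an assumption for illustration; the payload is the one from the post.

// Escape the five characters that matter in HTML text and quoted-attribute
// contexts. '&' must be escaped first so the other entities are not doubled.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: interpolates the stored description straight into the markup.
// The description appears both inside an attribute (title="...") and as text.
// The payload's leading double quote closes the title attribute early, so the
// <script> tag that follows becomes live markup instead of attribute content.
function renderChannelUnsafe(channel) {
  return `<div class="channel" title="${channel.description}">` +
         `<h3>${channel.name}</h3><p>${channel.description}</p></div>`;
}

// Hardened: every untrusted value is HTML-escaped at the point of output.
// The same escaped string is safe in both the quoted attribute and the text node.
function renderChannelSafe(channel) {
  const name = escapeHtml(channel.name);
  const description = escapeHtml(channel.description);
  return `<div class="channel" title="${description}">` +
         `<h3>${name}</h3><p>${description}</p></div>`;
}

// Crude check: does the rendered HTML still contain a real <script> start tag?
// An escaped payload only contains "&lt;script&gt;", which does not match.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: a channel saved with the payload from the post.
const PAYLOAD = '" <script>alert(document.domain)</script>';
const storedChannel = { name: "general", description: PAYLOAD };

console.log("unsafe:", renderChannelUnsafe(storedChannel));
console.log("safe:  ", renderChannelSafe(storedChannel));
```

Run it with node: the unsafe output contains `title="" <script>alert(document.domain)</script>">`, i.e. the attribute is cut short at the injected quote and a live script element follows, while the safe output shows the payload as literal text. Note that this escape function is only sufficient for HTML text and quoted attribute values; a description reflected into a JavaScript string, a URL or an unquoted attribute needs context-specific encoding, which is why a templating layer that escapes by default is the usual fix rather than hand-written replacements at each output point.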

POC

See the YouTube video POC at the top of the page.
