Improper input validation vulnerability in Oxwall <= 1.8.7 (11111), Motoshub <= 2 (11030) allows an attacker to trigger a XSS (Reflected) on victim's devices via the "back_uri" parameter.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes) will be published on my Blog later.
So please update!
Patches
According to the maintainers' claim, they patched this vulnerability for their premium users, but free users need to patch it manually (Please see Workarounds).
Workarounds
Please make these changes to your source code:
Oxwall:
Motoshub:
References
Motoshub
Motoshub/issues/1
Oxwall
For more information
If you have any questions or comments about this advisory:
mir-hossein Analyst
Improper input validation vulnerability in Oxwall <= 1.8.7 (11111), Motoshub <= 2 (11030) allows an attacker to trigger a XSS (Reflected) on victim's devices via the "back_uri" parameter.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes) will be published on my Blog later.
So please update!
Patches
According to the maintainers' claim, they patched this vulnerability for their premium users, but free users need to patch it manually (Please see Workarounds).
Workarounds
Please make these changes to your source code:
Oxwall:
Motoshub:
References
Motoshub
Motoshub/issues/1
Oxwall
For more information
If you have any questions or comments about this advisory: