PT-2019-15364 · Ant Design · Ant Design Pro

Nstikhomirov · Published 2019-10-23 · Updated 2019-10-29 · CVE-2019-18350

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Ant Design Pro version 4.0.0

Description
Reflected XSS via the redirect GET parameter of the user/login page, which is handled by the authorization component. The value of this parameter is consumed by the post-login redirect logic without being validated, so an attacker who gets a victim to open a crafted login link obtains execution of attacker-supplied JavaScript in the victim's browser once the login action completes. The victim has to follow the link and log in, which is reflected in the vector (UI:R); the scope change (S:C) reflects that the script runs in the context of the victim's browser rather than on the server.

Recommendations
For Ant Design Pro version 4.0.0, disable or ignore the redirect parameter on the user/login endpoint until a patch is available, and restrict access to the authorization component to limit exposure. If the parameter has to be kept, treat it as untrusted input: accept only relative paths on the application's own origin, and reject absolute URLs, protocol-relative URLs (//host/...) and any value carrying a scheme such as javascript: or data:. Do not rely on the redirect GET parameter on the affected endpoint until the issue is resolved.
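The block below is an added JavaScript illustration of the pattern this advisory describes; it is not code from Ant Design Pro or from the advisory's author, and it does not show how that project actually handled the parameter. The login URL /user/login?redirect=..., the origin https://app.example and all function names are hypothetical. The first function shows why passing an unvalidated redirect value straight to navigation is dangerous (a javascript: URL assigned to window.location.href executes script), and the second implements the check the recommendation asks for, going slightly beyond the reported issue by also rejecting open redirects to foreign origins.

```javascript
// Added example, not Ant Design Pro's code. The hypothetical login page is reached at
// /user/login?redirect=<target>, and after a successful login the application navigates
// to <target> by assigning it to window.location.href.

// Vulnerable pattern: whatever arrives in ?redirect= becomes the navigation target.
// A link such as /user/login?redirect=javascript:alert(document.cookie) therefore runs
// attacker-controlled script in the victim's browser right after login.
function vulnerableRedirectTarget(redirectParam) {
  return redirectParam || '/'; // would be assigned to window.location.href unchanged
}

// Hardened version: reduce the untrusted value to a path on our own origin, or fall back to '/'.
function safeRedirectTarget(redirectParam, currentOrigin) {
  const fallback = '/';
  if (typeof redirectParam !== 'string' || redirectParam.length === 0) return fallback;

  let parsed;
  try {
    // Relative values resolve against our origin; absolute values keep their own scheme/host.
    parsed = new URL(redirectParam, currentOrigin);
  } catch (e) {
    return fallback; // unparseable input is never navigated to
  }

  // javascript:, data: and other non-hierarchical schemes have origin "null";
  // protocol-relative (//evil.example) and absolute foreign URLs have a different origin.
  if (parsed.origin !== new URL(currentOrigin).origin) return fallback;
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return fallback;

  // Return only path, query and fragment so the result is always a local route.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Helper to extract ?redirect= from a full login URL (constructed input for the demo).
function redirectParamFrom(loginUrl) {
  return new URL(loginUrl).searchParams.get('redirect');
}

// Demo with constructed inputs.
const currentOrigin = 'https://app.example';
const craftedLink = 'https://app.example/user/login?redirect=javascript:alert(document.cookie)';
const redirectParam = redirectParamFrom(craftedLink);
console.log('vulnerable target:', vulnerableRedirectTarget(redirectParam));
console.log('hardened target:  ', safeRedirectTarget(redirectParam, currentOrigin));
console.log('legit target:     ', safeRedirectTarget('/dashboard#/welcome', currentOrigin));
```

The same-origin comparison is done on the parsed URL rather than by string prefix matching, because prefix checks are bypassed by values such as https://app.example.evil.com or https://app.example@evil.com, while the URL parser resolves those to their real origin.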

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2019-18350

Affected Products: Ant Design Pro