Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.
This type of XSS vulnerability is particularly concerning because:
The forum component of Submitty.
The vulnerability originates from the use of the CommonMarkConverter library in the application for rendering Markdown content. While CommonMarkConverter is a robust and popular choice for converting Markdown to HTML, its security relies heavily on proper configuration.
The primary cause of this XSS vulnerability is a misconfiguration in the CommonMarkConverter usage. Specifically, the allow_unsafe_links option was not explicitly set to false. This configuration flag controls whether the parser permits
CommonMarkConverter is designed to allow all links, including
The following steps are required to reproduce the issue.
XSS, then notice that the script
When using the CommonMarkConverter library, the allow_unsafe_links option should be explicitly set to
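The configuration difference described above, as an added example (not Submitty's code and not the change from the pull request). It assumes league/commonmark 2.2 or later installed with Composer; renderPost, hasUnsafeUrl and the sample post are hypothetical names and constructed input.

```php
<?php
// Added example, not Submitty's code. Assumes league/commonmark 2.2+ via Composer.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use League\CommonMark\CommonMarkConverter;

/** Render untrusted Markdown with the given converter configuration. */
function renderPost(string $markdown, array $config): string
{
    $converter = new CommonMarkConverter($config);
    return (string) $converter->convert($markdown);
}

/** Regression check: true if any rendered link or image keeps a script-capable URL scheme. */
function hasUnsafeUrl(string $html): bool
{
    libxml_use_internal_errors(true); // HTML fragments trigger harmless parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<div>' . $html . '</div>');
    foreach (['a' => 'href', 'img' => 'src'] as $tag => $attr) {
        foreach ($doc->getElementsByTagName($tag) as $el) {
            // Browsers ignore control characters and whitespace inside the scheme.
            $url = strtolower(preg_replace('/[\x00-\x20]+/', '', $el->getAttribute($attr)));
            if (preg_match('/^(javascript|vbscript|file):/', $url) === 1) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample post: a harmless placeholder URL that uses a script-capable scheme.
$post = '[course notes](javascript:void(0))';

$configs = [
    'default'  => [],                              // allow_unsafe_links not set explicitly
    'hardened' => ['allow_unsafe_links' => false], // explicit setting, as recommended above
];

foreach ($configs as $label => $config) {
    $html = renderPost($post, $config);
    printf("%-8s unsafe=%s  %s", $label, hasUnsafeUrl($html) ? 'yes' : 'no', $html);
}
```

Running hasUnsafeUrl over rendered forum output in a unit test guards against the option being dropped in a later refactor.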
The vulnerability has been fixed as a part of pull request 8032.
Report prepared by: Fu Chai Date: 10/31/2023