Mist Community Edition Cross-Site Scripting Vulnerability via Open Redirect
Vulnerability
A reflected cross-site scripting vulnerability has been identified in Mist Community Edition (CE) versions through 4.7.1. The issue arises in the authentication endpoint, specifically within the login function of src/mist/api/views.py. The vulnerability is caused by improper validation of the 'return_to' parameter, allowing attackers to inject malicious scripts that are executed in the context of the application. This flaw can be exploited remotely and requires user interaction, potentially leading to credential theft, session hijacking, or other client-side attacks, depending on the nature of the injected payload.
Impact
Exploitation of this vulnerability allows for cross-site scripting attacks, where an attacker can execute arbitrary JavaScript in the context of the victim's browser, potentially leading to session cookie theft or redirection to malicious sites.
Reproduction
To reproduce this vulnerability, navigate to the Mist CE login page and intercept the request. Modify the 'return_to' parameter to include a JavaScript payload or a URL to a malicious site. Send the crafted URL to a victim. Once they log in, the injected JavaScript will execute, or they will be redirected to the specified site.
Remediation
Users are advised to upgrade to Mist Community Edition version 4.7.2, which addresses this vulnerability.
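The root cause described above is a login handler that trusts the `return_to` value it receives. The following is an added example of how such a parameter can be validated before it is used as a redirect target or reflected into a page; it is not Mist's code and not the fix shipped in 4.7.2, and the allow-listed hostname `mist.example.com` is a hypothetical deployment value. When the value is also echoed into HTML, it must still be escaped by the template engine.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allow-list of hosts this deployment may redirect to.
ALLOWED_HOSTS = {"mist.example.com"}
DEFAULT_TARGET = "/"


def safe_return_to(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return a redirect target safe for a Location header, or `default`.

    Rejects non-http(s) schemes (javascript:, data:, ...), absolute and
    protocol-relative URLs whose host is not allow-listed (open redirect),
    backslash variants browsers treat as slashes, and control characters
    that could inject headers or break out of markup. The result is always
    rebuilt from parsed parts, never the raw input passed through.
    """
    if not isinstance(value, str) or not value.strip():
        return default
    value = value.strip()
    # CR/LF would allow header injection; other controls confuse parsers.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    # Browsers read "\" as "/" in URLs, so "/\evil.example" is "//evil.example".
    value = value.replace("\\", "/")
    parts = urlsplit(value)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return default
    if parts.netloc:
        # Absolute or protocol-relative URL: use the parsed hostname, which
        # ignores userinfo tricks such as "allowed.host@evil.example".
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            return default
        return urlunsplit(("https", host, parts.path or "/", parts.query, ""))
    # No authority: accept only a site-relative path. Collapsing leading
    # slashes stops "///evil.example" from being resolved as a host.
    if not parts.path.startswith("/"):
        return default
    path = "/" + parts.path.lstrip("/")
    return urlunsplit(("", "", path, parts.query, ""))
```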