Wethink Technology Inc. 720yun Pano-SDK Cross-Site Scripting Vulnerability
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Wethink Technology Inc.'s 720yun pano-sdk version 0.5.877. It allows remote attackers to execute arbitrary JavaScript in the victim's browser through the LoginComp (Module 2093) and SignupComp (Module 2094) components. The root cause is an open redirect in the post-login `redirect` parameter that has not been fully patched; a later version applies only partial mitigations.
Impact
Exploitation allows open redirection to attacker-controlled sites, execution of JavaScript in the context of the victim's browser, and theft of session cookies and other authentication tokens.
Reproduction
To reproduce this vulnerability, send a crafted link that includes a `redirect` parameter with a value that exploits the open redirect flaw. After the victim logs in, the crafted URL will redirect them to the specified site, where phishing can occur. Alternatively, use a `javascript:` scheme payload to execute arbitrary JavaScript, such as an alert or a cookie theft script.
Remediation
Users are advised to update to version 0.5.899, which applies partial mitigations; be aware that the open redirect itself remains unpatched in that version.
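As an added illustration, not code from 720yun pano-sdk, the following shows the weak redirect handling the advisory describes beside a hardened version that a login component could apply until the upstream fix lands. Only the `redirect` parameter name comes from the advisory; APP_ORIGIN, the function names and the sample values are constructed for this example.

```javascript
// Added example, not code from 720yun pano-sdk. Shows the weak redirect
// handling the advisory describes next to a hardened version. Only the
// `redirect` parameter name comes from the advisory; APP_ORIGIN, the
// function names and the sample values are constructed for illustration.

const APP_ORIGIN = "https://app.example.test"; // constructed trusted origin

// Weak pattern: the query-string value is used as the post-login target
// unchanged, so "https://attacker.example/..." (open redirect) or
// "javascript:..." (XSS once assigned to location) pass straight through.
function unsafeRedirectTarget(redirectParam) {
  return redirectParam || "/";
}

// Hardened pattern: resolve the value against the application origin and
// accept only http(s) URLs that stay on that origin; everything else falls
// back to a fixed landing page.
function safeRedirectTarget(redirectParam, fallback = "/") {
  if (typeof redirectParam !== "string" || redirectParam.length === 0) {
    return fallback;
  }
  let url;
  try {
    url = new URL(redirectParam, APP_ORIGIN);
  } catch {
    return fallback; // unparseable input
  }
  // Scheme check: URL lower-cases the scheme, so this also catches
  // "JavaScript:" and rejects data:, vbscript: and friends.
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return fallback;
  }
  // Origin check: catches absolute off-site URLs and protocol-relative
  // forms such as "//attacker.example" or "\\attacker.example".
  if (url.origin !== APP_ORIGIN) {
    return fallback;
  }
  // Re-emit only path, query and fragment, never the host.
  return url.pathname + url.search + url.hash;
}

// Constructed values a login page might receive in ?redirect=
const SAMPLES = [
  "/account/tours",                         // legitimate relative path
  "https://app.example.test/viewer?id=7",   // legitimate same-origin URL
  "//attacker.example/login",               // protocol-relative, off-origin
  "https://attacker.example/phish",         // off-origin
  "javascript:alert(1)",                    // script scheme
];
```

Running `safeRedirectTarget` over SAMPLES keeps only the first two targets and maps the other three to the fallback path.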
