oRPC Stored Cross-Site Scripting Vulnerability in OpenAPI Documentation Generation
Vulnerability
A stored cross-site scripting vulnerability has been identified in oRPC versions through 1.13.8, specifically within the OpenAPI documentation generation. This issue arises because the application directly embeds OpenAPI specification fields, such as info.description, into the HTML response without proper escaping. As a result, an attacker can inject malicious JavaScript that executes when the documentation is viewed.
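The pattern described above, as an added example that is not oRPC's code: a hypothetical documentation renderer that interpolates `info.title` and `info.description` into HTML, first raw (the vulnerable class of bug) and then through an HTML escaper, plus a regression check that flags any spec-controlled string containing markup that reaches the page unescaped. The spec object and template layout are constructed for illustration.

```javascript
// Constructed OpenAPI spec: the description carries markup that a viewer's
// browser must render as text, never execute.
const SAMPLE_SPEC = {
  info: {
    title: 'Pets <API>',
    description: 'Docs & more <script>alert(1)</script>',
  },
};

// Escape the five characters that can break out of HTML text or attributes.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: spec fields are dropped straight into the template
// (hypothetical layout, standing in for the generated documentation page).
function renderUnsafe(spec) {
  return `<h1>${spec.info.title}</h1><p>${spec.info.description}</p>`;
}

// Fixed pattern: every spec-controlled string passes through escapeHtml()
// before it is interpolated into the HTML response.
function renderSafe(spec) {
  const { title, description } = spec.info;
  return `<h1>${escapeHtml(title)}</h1><p>${escapeHtml(description)}</p>`;
}

// Regression check for a test suite: returns the info.* keys whose value
// contains HTML metacharacters and still appears verbatim in the output.
function findUnescaped(spec, html) {
  const hits = [];
  for (const [key, val] of Object.entries(spec.info)) {
    if (typeof val === 'string' && /[<>&"']/.test(val) && html.includes(val)) {
      hits.push(`info.${key}`);
    }
  }
  return hits;
}

console.log('unsafe:', findUnescaped(SAMPLE_SPEC, renderUnsafe(SAMPLE_SPEC)));
console.log('safe:', findUnescaped(SAMPLE_SPEC, renderSafe(SAMPLE_SPEC)));
```

Run it with Node; the same `findUnescaped` check can be pointed at the real generated documentation HTML to confirm a patched generator no longer echoes raw spec fields.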
Impact
Successful exploitation results in stored cross-site scripting: the injected script runs in the browser, and with the session, of any user who views the API documentation. This could lead to session hijacking or unauthorized actions performed on behalf of that user.
Reproduction
To reproduce this vulnerability, create an API router using oRPC and enable the OpenAPI plugin. Inject a malicious script into the description field of the OpenAPI specification. When the API documentation is generated and served, the injected script will execute in the browser of anyone who views the documentation.
Remediation
Users are advised to update to oRPC version 1.13.9 or later, where this vulnerability has been patched.