stonith404 pingvin-share
- <= 1.13.0
A cross-site scripting (XSS) vulnerability has been identified in Stonith404 Pingvin Share versions up to 1.13.0. The issue arises in the Sign-in Auto-Redirect component, specifically within the getServerSideProps function of frontend/src/pages/auth/signIn.tsx. The vulnerability allows for remote exploitation by manipulating the redirect argument, which is not properly sanitized before being used. This flaw has been publicly disclosed and could be exploited by authenticated users.
Exploitation of this vulnerability allows for DOM-based cross-site scripting, where an attacker can execute arbitrary JavaScript in the context of the victim's browser. This could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
To reproduce this vulnerability, an authenticated user must be tricked into clicking a crafted link that includes a malicious JavaScript payload in the redirect parameter. Once the link is clicked, the JavaScript executes in the user's browser, taking advantage of the application's trust in the redirect parameter.
To address this vulnerability, the redirectPath variable should be sanitized using the safeRedirectPath function before it is used in the router.replace method.
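The kind of check this fix relies on, as an added example rather than the project's own safeRedirectPath implementation: the redirect value is accepted only when it is a same-origin absolute path, and anything else falls back to a default. The names toSafeRedirectPath and FALLBACK_PATH, the "/" fallback and the sample values are assumptions made for illustration.

```typescript
// Added example; not Pingvin Share's code. toSafeRedirectPath and FALLBACK_PATH
// are hypothetical names, and "/" as the fallback is an assumption.
const FALLBACK_PATH = "/";

function toSafeRedirectPath(raw: unknown, fallback: string = FALLBACK_PATH): string {
  // A query parameter may be missing or repeated (string[]); accept one string only.
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return fallback;
  }
  // Browsers drop tab, CR and LF while parsing URLs, so "/\t/host" becomes "//host".
  if (/[\u0000-\u001f\u007f]/.test(raw)) {
    return fallback;
  }
  // Only a same-origin absolute path is allowed. Requiring a leading "/" rejects
  // every scheme-bearing value (javascript:, data:, https:) in one check.
  if (raw.charAt(0) !== "/") {
    return fallback;
  }
  // "//host" is protocol-relative; "/\host" is treated like "//host" by browsers.
  if (raw.charAt(1) === "/" || raw.indexOf("\\") !== -1) {
    return fallback;
  }
  return raw;
}

// Constructed sample values for the redirect query parameter.
const SAMPLE_REDIRECTS: unknown[] = [
  "/account/shares?page=2", // legitimate in-app path: kept
  "javascript:void(0)",     // script scheme: rejected
  "//other.example/login",  // protocol-relative: rejected
  "/\\other.example",       // backslash variant: rejected
  "https://other.example/", // absolute URL: rejected
  ["/a", "/b"],             // repeated parameter: rejected
  undefined,                // parameter absent: fallback
];

// Returns the path that would actually be handed to router.replace for each sample.
function resolveAll(samples: unknown[]): string[] {
  const out: string[] = [];
  for (let i = 0; i < samples.length; i++) {
    out.push(toSafeRedirectPath(samples[i]));
  }
  return out;
}
```

The validated return value, never the raw query parameter, is what should reach router.replace.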