Skip to content

[BUG]: Stored DOM XSS Vulnerability in Buy 1 Get 1 Deals Page #307

Description

@devprashant19

Description:
The Buy1Get1.js script dynamically renders product data (name, brand, image) directly into the DOM using innerHTML without properly escaping the input. An attacker with the ability to inject malicious HTML into product fields via the admin panel or database can execute arbitrary JavaScript in the browsers of users viewing the Deal's Collection.

Actual Behavior:
Product attributes like product.name and product.brand are embedded directly into a template literal assigned to div.innerHTML, causing the browser to parse and execute any HTML/JS payloads contained within them.

Expected Behavior:
All untrusted data rendered into the DOM must be sanitized or safely escaped (e.g., using AppUtils.escapeHTML()) before being assigned to innerHTML, or safe DOM APIs like textContent should be used.

Steps to Reproduce:

  1. Insert a product into the database with the name: <img src=x onerror=alert('XSS_BOGO')>.
  2. Navigate to the Buy 1 Get 1 Deals page.
  3. The malicious script executes automatically as the product cards are loaded and appended to elements.productContainer.

File(s):

  • frontend/scripts/Buy1Get1.js

Metadata

Metadata

Assignees

Labels

SSoC26Program label for Social Summer of Code Season 5.

Type

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions