Skip to content

[BUG]: Stored DOM XSS Vulnerability in Wishlist Page #309

Description

@devprashant19

Description:
Similar to the cart and deals pages, the wishlist.js script renders product objects into HTML without escaping. It dynamically injects product.brand and product.name into card.innerHTML.

Actual Behavior:
Malicious HTML payloads stored in a product's brand or name are parsed as executable code when a user views their wishlist page.

Expected Behavior:
The frontend should utilize AppUtils.escapeHTML(product.name) and AppUtils.escapeHTML(product.brand) to neutralize any HTML tags before rendering them in the DOM.

Steps to Reproduce:

  1. Create a product with a brand containing an XSS payload (e.g., MaliciousBrand<svg onload=alert(1)>).
  2. Add the product to a user's wishlist.
  3. Navigate to the user's dashboard and open the Wishlist tab.
  4. The payload executes silently on page load.

File(s):

  • frontend/scripts/wishlist.js

Metadata

Metadata

Assignees

Labels

SSoC26Program label for Social Summer of Code Season 5.

Type

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions