Softr v2.0 was discovered to contain an HTML injection vulnerability via the Work Space Name parameter.
There is an HTML injection vulnerability in emails sent from Slack when the Workspace name on the account contains HTML. The HTML is stored in the backend database, and when emails are sent (promotional, etc.), the HTML is sent along with the rest of the email.
Whenever a user invites a collaborator to the workspace, the injected payload is triggered via the invitation email.
Steps to Reproduce:
Step 1: Navigate to https://studio.softr.io/dashboard
Step 2: Click on the + icon to add a new Workspace.
Step 3: In the Workspace Name field, add the payload below.
"></svg>//["'` →<a href= "http://google.com">Click Me</a></div>
Step 4: You'll get an option to invite a Collaborator to the Workspace.
Step 5: Enter the email address of the victim (or any user) and click on Add.
Step 6: The victim/user will receive an email, which will trigger the HTML payload entered in the Workspace Name field.
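Added example (not part of the original write-up and not Softr's code): the root cause described above is a stored workspace name being placed into an HTML email without output encoding. The template, function names and name policy below are hypothetical; the sample input is constructed from the Step 3 payload. It shows the raw interpolation beside the escaped one, plus a scan for workspace names that already contain markup.

```python
import html
import re

# Constructed sample modelled on the Step 3 payload (straight quotes).
SAMPLE_NAME = '"></svg>//["\'` <a href="http://google.com">Click Me</a></div>'

# Hypothetical invitation template; the real one is not shown on the page.
TEMPLATE = '<div class="invite"><p>You were invited to <b>{workspace}</b>.</p></div>'

# Assumed write-time policy: word characters, spaces, light punctuation.
NAME_POLICY = re.compile(r"[\w .,'&()-]{1,64}")

# Matches anything shaped like an opening or closing HTML tag.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def render_invite_unsafe(workspace_name: str) -> str:
    """Reported behaviour: the stored name reaches the email body raw."""
    return TEMPLATE.format(workspace=workspace_name)


def render_invite_safe(workspace_name: str) -> str:
    """Fix at the point of use: encode for the HTML context."""
    return TEMPLATE.format(workspace=html.escape(workspace_name, quote=True))


def is_acceptable_name(workspace_name: str) -> bool:
    """Defence in depth at write time; does not replace output encoding."""
    return NAME_POLICY.fullmatch(workspace_name) is not None


def find_stored_markup(names: list[str]) -> list[str]:
    """Audit helper: flag already-stored names that carry HTML tags."""
    return [n for n in names if MARKUP.search(n)]


if __name__ == "__main__":
    print(render_invite_unsafe(SAMPLE_NAME))   # anchor tag survives
    print(render_invite_safe(SAMPLE_NAME))     # anchor tag is inert text
    print(find_stored_markup([SAMPLE_NAME, "Acme R&D (EU)"]))
```

Escaping at render time is the control that matters, because it also neutralises names stored before any input policy existed.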
Reference
http://softr.com
https://studio.softr.io/dashboard
https://www.softr.io/