{"id":23912018,"url":"https://github.com/eqstlab/cve-2024-25503","last_synced_at":"2026-02-28T02:34:17.170Z","repository":{"id":270801173,"uuid":"853175455","full_name":"EQSTLab/CVE-2024-25503","owner":"EQSTLab","description":"Cross-Site Scripting vulnerability in Advanced REST Client v.17.0.9 exploit ","archived":false,"fork":false,"pushed_at":"2024-09-06T06:17:36.000Z","size":2,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-23T17:47:36.710Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EQSTLab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-06T06:17:18.000Z","updated_at":"2025-02-19T07:26:10.000Z","dependencies_parsed_at":"2025-01-03T07:34:23.458Z","dependency_job_id":"9c4230a1-f0b1-43d1-a306-ee088ddacb97","html_url":"https://github.com/EQSTLab/CVE-2024-25503","commit_stats":null,"previous_names":["eqstlab/cve-2024-25503"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/EQSTLab/CVE-2024-25503","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-25503","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-25503/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-25503/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-25503/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EQSTLab","download_url":"https://codeload.github.com/EQSTLab/CVE-2024-25503/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EQSTLab%2FCVE-2024-25503/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29923408,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-27T19:37:42.220Z","status":"online","status_checked_at":"2026-02-28T02:00:07.010Z","response_time":90,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-05T08:57:50.710Z","updated_at":"2026-02-28T02:34:17.143Z","avatar_url":"https://github.com/EQSTLab.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2024-25503\n\u003e **Vulnerability type : Cross Site Scripting (XSS)** \u003cbr\u003e\n\u003e **Product: Advanced REST Client desktop application** \u003cbr\u003e\n\u003e **Vulnerable Version: 17.0.9** \u003cbr\u003e\n\u003e **Vendor of the product(s): https://www.advancedrestclient.com/** \u003cbr\u003e\n\n## 1. Description\nCross-Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information. \nThis can be achieved by exploiting a crafted script within the 'edit details' parameter of the New Project function.\n\u003cbr\u003e\u003cbr\u003e\n\n## 2. Attack Vectors\nThis vulnerability arises when an attacker maliciously stores a 'XSS' script in the project description (Markdown format), shares the project with the victim, and then executes the shared project on the victim's PC using the ARC App.\n\u003cbr\u003e\u003cbr\u003e\n\n## 3. Proof-of-Concept (PoC)\n\n#### Step 1) Click on the '+ADD A PROJECT' button on the third tab after running the Advanced REST Client.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/36cc1f3c-621a-4cdd-ad02-fecfe699496c)\n\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 2) Click the 'Open details' tab to view the created project.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/d010c90b-1d2d-4a69-a274-439f3447bc3b)\n\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 3) Click on the 'Edit details' tab in the created New Project.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/bd23dd0b-7b06-4d54-bb23-25a416f1f770)\n\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 4) Attacker writes 'XSS script' and clicks 'SAVE' button.\n\n```html\n\u003c!--Used 'XSS script' for information leakage--\u003e\n\u003cimg src=# onerror=\"alert(document.location)\"\u003e\n\n\u003c!--Another 'XSS script' for phishing--\u003e\n\u003cimg src=# onerror=\"alert(document.location)\"\u003e\n```\n![image](https://github.com/EQSTLab/PoC/assets/67315168/1e49e2bc-7d69-4959-9bbd-54cca267e40f)\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 5) When opening a project, a 'XSS script' may generate an alert(information leakage)\n![image](https://github.com/EQSTLab/PoC/assets/67315168/7fe20387-1fcd-404c-899f-a4dc96f49a20)\n\u003cbr\u003e\u003cbr\u003e\n\n#### or load an attacker's page(phishing).\n![image](https://github.com/EQSTLab/PoC/assets/67315168/f911d1c2-453c-4b67-af02-e5b65f13c213)\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 6) Projects created by attackers can be exported through the 'Export project' function.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/96495f98-a20c-402d-96c3-88e810683b72)\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 7) Attacker names the project and clicks the 'EXPORT' button to export the project where the 'XSS script' is stored.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/0f04ec0c-2059-4b4e-99cc-592776cc87ef)\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 8) This app also has the ability to import a project.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/65ce2b37-b88f-4425-a6b8-c5ace0d633cc)\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 9) Victim selects 'import all versions of ARC data' from the top tab to open the projectreceived from the attacker.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/98e88c1b-6261-4a77-be33-707a53e7faca)\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 10) When clicking a 'SELECT FILE' button for victim to open malicious project file containing 'XSS script'.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/6d0384f9-8c98-42ef-a6d8-df924d934541)\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 11) After the file selection is completed, click the 'IMPORT DATA' button to importsuccessfully.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/776294d6-c90d-4f37-a462-be945c687aec)\n\u003cbr\u003e\u003cbr\u003e\n\n#### Step 12) Imported file runs and attacker's 'Stored XSS script' runs on victim's 'Advanced RESTClient (ARC) App'.\n![image](https://github.com/EQSTLab/PoC/assets/67315168/5fb3181a-5f3f-4ef2-856d-58d8607314dc)\n\u003cbr\u003e\u003cbr\u003e\n\n## 4. Additional Information\n* If the victim executes a project that includes malicious payloads shared by the attacker, it is dangerous because the victim cannot immediately notice the payload.\n  \n* For example, this vulnerability can be used to steal sensitive information or perform malicious behavior by reading a user's browser URL.\n  \n* You can also perform phishing attacks by redirecting users to other sites. Be careful if an XSS vulnerability is exploited in a phishing attack, which can lead to external exposure of sensitive information.\n\u003cbr\u003e\u003cbr\u003e\n\n## 5. Discoverer\n* E-mail: irene0seo97@gmail.com\n* Github: https://github.com/YOUNGSEO-PARK\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feqstlab%2Fcve-2024-25503","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feqstlab%2Fcve-2024-25503","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feqstlab%2Fcve-2024-25503/lists"}