# Exploit Title: ThingsBoard 3.3.1 – Stored Cross-Site Scripting (XSS) within the description of a rule node
\n# Date: 03\/08\/2022
\n# Exploit Author: Steffen Langenfeld & Sebastian Biehler
\n# Vendor Homepage: https:\/\/thingsboard.io\/
\n# Software Link: https:\/\/github.com\/thingsboard\/thingsboard\/releases\/tag\/v3.3.1
\n# Version: 3.3.1
\n# Tested on: [relevant os]\n# CVE : CVE-2021-42751
\n# Tested on: Linux<\/p>\n
#Proof-Of-Concept:
\nWhen creating a rule node (any) and putting a script payload inside the description of the rule node, it is executed upon hovering above the node within the editor.<\/p>\n
#Steps<\/p>\n
1. Create a new rule node (via the menu “Rule chains”)
\n2. Put a javascript payload within the description e.g <script>alert(‘XSS’)<\/script>
\n3. Save the node
\n4. Upon hovering above the node within the editor the payload is executed# Exploit Title: ThingsBoard 3.3.1 – Stored Cross-Site Scripting (XSS) within the name of a rule node<\/p>\n
———-<\/p>\n
# Date: 03\/08\/2022
\n# Exploit Author: Steffen Langenfeld & Sebastian Biehler
\n# Vendor Homepage: https:\/\/thingsboard.io\/
\n# Software Link: https:\/\/github.com\/thingsboard\/thingsboard\/releases\/tag\/v3.3.1
\n# Version: 3.3.1
\n# CVE : CVE-2021-42750
\n# Tested on: Linux<\/p>\n
#Proof-Of-Concept:
\nWhen creating a rule node (any) and putting a script payload inside the name of the rule node, it is executed upon hovering above the node within the editor.<\/p>\n
#Steps<\/p>\n
1. Create a new rule node (via the menu “Rule chains”)
\n2. Put a javascript payload within the name e.g <script>alert(‘XSS’)<\/script>
\n3. Save the node
\n4. Upon hovering above the node within the editor the payload is executed<\/p>\n","protected":false},"excerpt":{"rendered":"
# Exploit Title: ThingsBoard 3.3.1 – Stored Cross-Site Scripting (XSS) within the description of a rule node # Date: 03\/08\/2022 # Exploit Author: Steffen Langenfeld & Sebastian Biehler # Vendor Homepage: https:\/\/thingsboard.io\/ # Software Link: https:\/\/github.com\/thingsboard\/thingsboard\/releases\/tag\/v3.3.1 # Version: 3.3.1 # Tested on: [relevant os] # CVE : CVE-2021-42751 # Tested on: Linux #Proof-Of-Concept: When creating …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-29026","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/29026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=29026"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/29026\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=29026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=29026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=29026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}