Various issues

Gone from Semrush too soon, I'm back again with some bugs! I was testing out some new tools and needed a codebase to test it against, and today's semrush's lucky day

- https://github.com/semrush/intergalactic/blob/ad97ee8e0edffd359ce1f1eb82f0d3c87ca8bd05/website/server/main.js#L13-L15 -- misses `res.send()` or `res.end()` in the 404 catchall. also `res.send('pong')` in the pong endpoint does something, but everything after that does nothing (can't send a response header after content in http)

- https://github.com/semrush/intergalactic/blob/ad97ee8e0edffd359ce1f1eb82f0d3c87ca8bd05/website/docs/.vitepress/renderIframe.ts#L11-L18 and https://github.com/semrush/intergalactic/blob/ad97ee8e0edffd359ce1f1eb82f0d3c87ca8bd05/website/docs/.vitepress/renderLoomVideo.ts#L5-L9 are vulnerable to XSS. sanitize inputs (url, title, height) and use `new URL` with further sanitization (https://github.com/MegaManSec/Security-Solutions/blob/main/Domain-Validation.md may be helpful)

- https://github.com/semrush/intergalactic/blob/ad97ee8e0edffd359ce1f1eb82f0d3c87ca8bd05/website/docs/.vitepress/theme/amplitude/amplitude-client.ts#L172-L187  `os_name: systemInfo.browser.name,` is (probably not deliberately) wrong -- `os.name` seems more realistic. the others are wrong too; check https://www.npmjs.com/package/bowser

- https://github.com/semrush/intergalactic/blob/ad97ee8e0edffd359ce1f1eb82f0d3c87ca8bd05/website/docs/.vitepress/theme/amplitude/amplitude-client.ts#L153 should be `||`

- https://github.com/semrush/intergalactic/blob/ad97ee8e0edffd359ce1f1eb82f0d3c87ca8bd05/website/docs/.vitepress/theme/amplitude/amplitude-client.ts#L78-L83 that data doesn't look like json to _me_

- https://github.com/semrush/intergalactic/blob/ad97ee8e0edffd359ce1f1eb82f0d3c87ca8bd05/website/docs/.vitepress/theme/amplitude/amplitude-client.ts#L49-L51 -- excellent way to leak api keys from GET parameters

- https://github.com/semrush/intergalactic/blob/ad97ee8e0edffd359ce1f1eb82f0d3c87ca8bd05/semcore/illustration/transform.ts#L20-L20 probably XSS here, not sure what this is actually used for, but svgs can contain javascript

like and subscribe for more

	return `
	<iframe
	src="${url}"
	class="embedded-documentation-iframe"
	title='documentation'
	height="${height}"
	/>
	`;

	return {
	platform: `${systemInfo.platform.vendor} ${systemInfo.platform.type}`,
	os_name: systemInfo.browser.name,
	os_version: systemInfo.browser.version,
	device_brand: systemInfo.os.name,
	device_manufacturer: systemInfo.os.versionName,
	device_model: '',
	country: Intl.DateTimeFormat().resolvedOptions().timeZone,
	language,
	user_properties: {
	['$set']: {
	OS: `${systemInfo.os.name} ${systemInfo.os.versionName} v${systemInfo.os.version}`,
	platform: `${systemInfo.platform.vendor} ${systemInfo.platform.type}`,
	language,
	screen: `${width} x ${height}`,
	},

	method: 'POST',
	headers: {
	Accept: 'application/json',
	},
	body: `api_key=${apiKey}&identification=${encodeURIComponent(identification)}`,
	})

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Various issues #2445

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	const title = token.info.replace('loom_video', '').trim() \|\| 'video';
	const url = tokens[idx + 2].content;

	return `<div class="embedded-video-container"><iframe src='${url}' frameborder='0' webkitAllowFullScreen mozAllowFullScreen allowFullScreen class="embedded-video-iframe" title='${title}'>`;
	}

	this.logEvent('init_app', {
	event_properties: { theme, pathname, referrer: document.referrer },
	});

	app.get('*', function (req, res) {
	res.status(404);
	});

Various issues #2445

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions