10:["$","$L2e",null,{"pageReplacement":"$undefined","getWebVital":false,"pageId":"bug-reports-bic-notes-report-35905","records":{"block":{"bug-reports-bic-notes-report-35905":{"id":"bug-reports-bic-notes-report-35905","children":["12f6d11db454809b96faccaf34104af0","12f6d11db4548090a468f7ebc5f414f2","12f6d11db4548044b01acc0879d8f8ee","12f6d11db45480f996f6f789418dd6b4","12f6d11db45480ffb233e0712d9b0ea8"],"hasContent":true,"parentId":"81d407a13ac34b24afbd8ae2f633beb8","title":[["Report #35905"]],"updatedAt":1730248689648,"type":"page","spaceId":"ab0b716f-1149-44f9-a5f8-3c1faef24f49","icon":"📄","createdTime":1730248368113,"lastEditedTime":1730248689648,"createdBy":[{"0":"‣","1":[{"0":"u"}]}],"lastEditedBy":[{"0":"‣","1":[{"0":"u"}]}],"layout":null,"propertySort":[{"property":"{a|D","visibility":"show","type":"date","name":"Report Date"},{"property":"GnWs","visibility":"show","type":"select","name":"Status"},{"property":"Fh<[","visibility":"show","type":"number","name":"Payout"}],"uri":"/bug-reports/bic-notes/report-35905","fullWidth":false,"smallText":false,"noCover":true,"superProperties":{},"propertyValues":{"{a|D":[["‣",[["d",{"type":"date","start_date":"2024-10-12"}]]]],"GnWs":[{"color":"gray","value":"Closed"}]},"blockId":"12f6d11d-b454-80d0-8bf6-f2070906568e"},"bug-reports":{"id":"bug-reports","children":[],"hasContent":true,"parentId":"a5a7bf6b51ec4b68b32f2007f41274ef","title":[["Bug Reports"]],"updatedAt":1730166674632,"type":"page","spaceId":"ab0b716f-1149-44f9-a5f8-3c1faef24f49","icon":"🪲","coverPosition":0.2693,"createdTime":1666242480000,"lastEditedTime":1730166674632,"createdBy":[{"0":"‣","1":[{"0":"u"}]}],"lastEditedBy":[{"0":"‣","1":[{"0":"u"}]}],"description":null,"cover":"https://images.spr.so/cdn-cgi/imagedelivery/j42No7y-dcokJuNgXeA0ig/a2bce83a-eb08-4b8a-84dd-4de45ceb9115/dalle/public","uri":"/bug-reports","blockId":"f653305e-4ed7-4734-bb5d-fe173aa8d98f"},"d2246af0639c440b9153316b52856b7d":{"id":"d2246af0639c440b9153316b52856b7d","children":[],"hasContent":true,"parentId":"7152ae7a68b846a18b9ad3f2b742cf39","title":[["Beanstalk Notion"]],"updatedAt":1726681064870,"type":"page","spaceId":"ab0b716f-1149-44f9-a5f8-3c1faef24f49","icon":"https://images.spr.so/cdn-cgi/imagedelivery/j42No7y-dcokJuNgXeA0ig/8eb7da25-afae-45ec-95dc-67fbfc3937de/bean-200x200/public","coverPosition":0.1349,"createdTime":1665459157361,"lastEditedTime":1726681064870,"createdBy":[{"0":"‣","1":[{"0":"u"}]}],"lastEditedBy":[{"0":"‣","1":[{"0":"u"}]}],"description":null,"cover":"https://images.spr.so/cdn-cgi/imagedelivery/j42No7y-dcokJuNgXeA0ig/55f768dc-bb88-491b-8aaf-55c802563c47/bg-mainnet/public","uri":"/d2246af0639c440b9153316b52856b7d","blockId":"d2246af0-639c-440b-9153-316b52856b7d"},"bug-reports-bic-notes":{"id":"bug-reports-bic-notes","children":[],"hasContent":false,"parentId":"bug-reports","title":[["BIC Notes"]],"updatedAt":1730248770738,"type":"collection_page","spaceId":"ab0b716f-1149-44f9-a5f8-3c1faef24f49","uri":"/bug-reports/bic-notes","collectionId":"81d407a1-3ac3-4b24-afbd-8ae2f633beb8","views":[],"icon":null,"cover":null,"description":[],"coverPosition":1},"links":{"id":"links","children":[],"hasContent":false,"parentId":"d2246af0639c440b9153316b52856b7d","title":[["Links"]],"updatedAt":1674433368143,"type":"collection_page","spaceId":"ab0b716f-1149-44f9-a5f8-3c1faef24f49","uri":"/links","collectionId":"a5a7bf6b-51ec-4b68-b32f-2007f41274ef","views":[],"icon":"🔗","cover":null,"description":[["Pages in the Beanstalk Community Resource Center."]],"coverPosition":1},"12f6d11db454809b96faccaf34104af0":{"id":"12f6d11db454809b96faccaf34104af0","children":[],"hasContent":false,"parentId":"bug-reports-bic-notes-report-35905","title":[["XSS vulnerability on basin.exchange leads to potential session hijacking and unauthorized actions"]],"updatedAt":1730248510850,"type":"heading","subType":"sub_header","depth":2},"12f6d11db4548090a468f7ebc5f414f2":{"id":"12f6d11db4548090a468f7ebc5f414f2","children":["12f6d11db4548050b532ce7852fb571d","12f6d11db4548052b842ce11c0853fad","12f6d11db454809b9685fbeea05583e3","12f6d11db45480cb8950db42e90cd252","12f6d11db454808d9e6dfd1111dffbf0","12f6d11db454809cb89ff34640754864","12f6d11db454802fbeafd7907180a8db","12f6d11db4548051b6f0d8fcfdd92252","12f6d11db4548087ac83f00a6c45be1d","12f6d11db45480d8bc26c5f414a205b1","12f6d11db454801fb4c4f057662b7bae","12f6d11db45480e4985df443f913bd5d","12f6d11db454804480fddb0448791e0e","12f6d11db4548006b51cc3f513a03f31","12f6d11db4548037b6faefc10362a980","12f6d11db45480f78de8dc38dc72db71","12f6d11db4548057a7fefccd90f69c2c","12f6d11db4548052985aebf93e8af128","12f6d11db4548090a4dac4751846e5e9","12f6d11db454801995aaff416346d438","12f6d11db45480049e9ef8c47aaebbfc","12f6d11db454801db8eacaacdd387bc5","12f6d11db454807fb81af15e347691d3","12f6d11db454800595c8ce64dad90fac","12f6d11db4548071aff7c02bf9bf14fa","12f6d11db454805193fad2142fa19220","12f6d11db45480e8a6c4cebc57f633c9","12f6d11db454805e8e2ee3641b43fb46","12f6d11db45480c1b43cf24d5d0bccbe","12f6d11db45480b590bef4918653ff76","12f6d11db45480cda9b9da8cd891cc21","12f6d11db45480c08558fc95178b7fe6","12f6d11db45480a1ad7fed33e12aea7d","12f6d11db45480f5a963d01795b51400","12f6d11db45480be84eee0ff1b2469d4","12f6d11db45480be83bbf69b1de6225c","12f6d11db45480ca9b46ef45d948f8bd","12f6d11db4548017aa88d6c96001b30d","12f6d11db45480f1ba22e1bde9b09321","12f6d11db45480219806ca7e08a4e1fc","12f6d11db454806d90adca3cfd0b562a","12f6d11db45480cba1a7da64a6cb97c7","12f6d11db454805da761cb4e473bcdfa","12f6d11db45480e696ecf4ca3ba7bb1e","12f6d11db454806ebf22c41e9d3c876b","12f6d11db45480388d4fd433d56532e5","12f6d11db45480659a66ebb72d893afb","12f6d11db45480b89c4be2cceb3442ca","12f6d11db45480578b8cf339f6ec7e02","12f6d11db45480b99b7ef4a58628adc4","12f6d11db45480899658c9d2a473a608","12f6d11db4548013b458d6ced2b136e3","12f6d11db454800a8551ca913df2e1f2","12f6d11db454802e87b3c28cecc17f1b","12f6d11db45480269f65c68f9453a771"],"hasContent":true,"parentId":"bug-reports-bic-notes-report-35905","title":[["Report Info",[["b",null]]]],"updatedAt":1730248639792,"type":"toggle","subType":null,"depth":null,"color":null},"12f6d11db4548050b532ce7852fb571d":{"id":"12f6d11db4548050b532ce7852fb571d","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Report ID",[["b",null]]]],"updatedAt":1730248578485,"type":"text"},"12f6d11db4548052b842ce11c0853fad":{"id":"12f6d11db4548052b842ce11c0853fad","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["#35905"]],"updatedAt":1730248578485,"type":"text"},"12f6d11db454809b9685fbeea05583e3":{"id":"12f6d11db454809b9685fbeea05583e3","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Report type",[["b",null]]]],"updatedAt":1730248579681,"type":"text"},"12f6d11db45480cb8950db42e90cd252":{"id":"12f6d11db45480cb8950db42e90cd252","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Websites and Applications"]],"updatedAt":1730248582289,"type":"text"},"12f6d11db454808d9e6dfd1111dffbf0":{"id":"12f6d11db454808d9e6dfd1111dffbf0","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Has PoC?",[["b",null]]]],"updatedAt":1730248570389,"type":"text"},"12f6d11db454809cb89ff34640754864":{"id":"12f6d11db454809cb89ff34640754864","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Yes"]],"updatedAt":1730248570389,"type":"text"},"12f6d11db454802fbeafd7907180a8db":{"id":"12f6d11db454802fbeafd7907180a8db","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Target",[["b",null]]]],"updatedAt":1730248570389,"type":"text"},"12f6d11db4548051b6f0d8fcfdd92252":{"id":"12f6d11db4548051b6f0d8fcfdd92252","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["https://basin.exchange",[["a","https://basin.exchange"]]]],"updatedAt":1730248586673,"type":"text"},"12f6d11db4548087ac83f00a6c45be1d":{"id":"12f6d11db4548087ac83f00a6c45be1d","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Impacts",[["b",null]]]],"updatedAt":1730248570389,"type":"text"},"12f6d11db45480d8bc26c5f414a205b1":{"id":"12f6d11db45480d8bc26c5f414a205b1","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Injecting code that results in malicious interactions with an already-connected wallet such as modifying transaction arguments or parameters, substituting contract addresses, submitting malicious transactions"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db454801fb4c4f057662b7bae":{"id":"12f6d11db454801fb4c4f057662b7bae","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Persistent content spoofing / text injection issues"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db45480e4985df443f913bd5d":{"id":"12f6d11db45480e4985df443f913bd5d","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Description",[["b",null]]]],"updatedAt":1730248570389,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db454804480fddb0448791e0e":{"id":"12f6d11db454804480fddb0448791e0e","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Brief/Intro",[["b",null]]]],"updatedAt":1730248570389,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db4548006b51cc3f513a03f31":{"id":"12f6d11db4548006b51cc3f513a03f31","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["The website basin.exchange is vulnerable to Cross-Site Scripting (XSS) attacks. XSS is a security vulnerability that allows an attacker to inject malicious scripts into web pages viewed by other users."]],"updatedAt":1730248570389,"type":"text"},"12f6d11db4548037b6faefc10362a980":{"id":"12f6d11db4548037b6faefc10362a980","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Vulnerability Details",[["b",null]]]],"updatedAt":1730248570389,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db45480f78de8dc38dc72db71":{"id":"12f6d11db45480f78de8dc38dc72db71","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["The vulnerability exists because the website does not properly sanitize user inputs, allowing malicious scripts to be injected and executed in the context of a user's browser session."]],"updatedAt":1730248570389,"type":"text"},"12f6d11db4548057a7fefccd90f69c2c":{"id":"12f6d11db4548057a7fefccd90f69c2c","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["To demonstrate this vulnerability, several DOM Injection payloads were used to test for XSS vulnerabilities."]],"updatedAt":1730248570389,"type":"text"},"12f6d11db4548052985aebf93e8af128":{"id":"12f6d11db4548052985aebf93e8af128","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Impact Details",[["b",null]]]],"updatedAt":1730248602843,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db4548090a4dac4751846e5e9":{"id":"12f6d11db4548090a4dac4751846e5e9","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["The potential impact of this vulnerability includes the execution of arbitrary scripts in the context of a user's session. This can lead to:"]],"updatedAt":1730248570389,"type":"text"},"12f6d11db454801995aaff416346d438":{"id":"12f6d11db454801995aaff416346d438","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Stealing session cookies"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db45480049e9ef8c47aaebbfc":{"id":"12f6d11db45480049e9ef8c47aaebbfc","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Redirecting users to malicious websites"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db454801db8eacaacdd387bc5":{"id":"12f6d11db454801db8eacaacdd387bc5","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Defacement of the website"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db454807fb81af15e347691d3":{"id":"12f6d11db454807fb81af15e347691d3","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["The severity of this vulnerability is high, as it could lead to unauthorized actions on behalf of the user or data theft."]],"updatedAt":1730248570389,"type":"text"},"12f6d11db454800595c8ce64dad90fac":{"id":"12f6d11db454800595c8ce64dad90fac","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Risk Assessment",[["b",null]]]],"updatedAt":1730248607892,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db4548071aff7c02bf9bf14fa":{"id":"12f6d11db4548071aff7c02bf9bf14fa","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Based on CVSS v3, the severity of the XSS vulnerability is assessed as follows:"]],"updatedAt":1730248570389,"type":"text"},"12f6d11db454805193fad2142fa19220":{"id":"12f6d11db454805193fad2142fa19220","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Attack Vector",[["b",null]]],[": Network (The vulnerability can be exploited remotely over the internet)"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db45480e8a6c4cebc57f633c9":{"id":"12f6d11db45480e8a6c4cebc57f633c9","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Attack Complexity",[["b",null]]],[": Low (The attack does not require special conditions and can be easily replicated)"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db454805e8e2ee3641b43fb46":{"id":"12f6d11db454805e8e2ee3641b43fb46","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Privileges Required",[["b",null]]],[": None (No authentication is required to exploit the vulnerability)"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db45480c1b43cf24d5d0bccbe":{"id":"12f6d11db45480c1b43cf24d5d0bccbe","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["User Interaction",[["b",null]]],[": Required (The attack requires a user to visit the compromised page)"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db45480b590bef4918653ff76":{"id":"12f6d11db45480b590bef4918653ff76","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Confidentiality Impact",[["b",null]]],[": High (The attacker can access sensitive information such as session cookies)"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db45480cda9b9da8cd891cc21":{"id":"12f6d11db45480cda9b9da8cd891cc21","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Integrity Impact",[["b",null]]],[": High (The attacker can modify the content displayed to users)"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db45480c08558fc95178b7fe6":{"id":"12f6d11db45480c08558fc95178b7fe6","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Availability Impact",[["b",null]]],[": Low (The attack may not directly impact the availability of the service)"]],"updatedAt":1730248570389,"type":"bulleted_list"},"12f6d11db45480a1ad7fed33e12aea7d":{"id":"12f6d11db45480a1ad7fed33e12aea7d","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["CVSS v3 Score: 7.5 (High)",[["b",null]]]],"updatedAt":1730248570389,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db45480f5a963d01795b51400":{"id":"12f6d11db45480f5a963d01795b51400","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Recommendations for Remediation",[["b",null]]]],"updatedAt":1730248614238,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db45480be84eee0ff1b2469d4":{"id":"12f6d11db45480be84eee0ff1b2469d4","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["For XSS Vulnerabilities:",[["b",null]]]],"updatedAt":1730248570389,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db45480be83bbf69b1de6225c":{"id":"12f6d11db45480be83bbf69b1de6225c","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Input Validation",[["b",null]]],[": Validate all user inputs to ensure they conform to the expected format (e.g., length, allowed characters, etc.). Reject any unexpected input."]],"updatedAt":1730248570389,"type":"numbered_list"},"12f6d11db45480ca9b46ef45d948f8bd":{"id":"12f6d11db45480ca9b46ef45d948f8bd","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Output Encoding",[["b",null]]],[": Encode all user inputs before rendering them on the web page to prevent malicious scripts from being executed."]],"updatedAt":1730248570389,"type":"numbered_list"},"12f6d11db4548017aa88d6c96001b30d":{"id":"12f6d11db4548017aa88d6c96001b30d","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Content Security Policy (CSP)",[["b",null]]],[": Implement CSP to restrict the sources from which content can be loaded, preventing the execution of injected scripts."]],"updatedAt":1730248570389,"type":"numbered_list"},"12f6d11db45480f1ba22e1bde9b09321":{"id":"12f6d11db45480f1ba22e1bde9b09321","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["HTTP Headers",[["b",null]]],[": Use security headers such as "],["X-XSS-Protection",[["b",null],["c",null]]],[" to help protect against reflected XSS attacks."]],"updatedAt":1730248570389,"type":"numbered_list"},"12f6d11db45480219806ca7e08a4e1fc":{"id":"12f6d11db45480219806ca7e08a4e1fc","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Regular Security Testing",[["b",null]]],[": Conduct regular security audits and automated testing to identify potential XSS vulnerabilities."]],"updatedAt":1730248570389,"type":"numbered_list"},"12f6d11db454806d90adca3cfd0b562a":{"id":"12f6d11db454806d90adca3cfd0b562a","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["References",[["b",null]]]],"updatedAt":1730248618905,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db45480cba1a7da64a6cb97c7":{"id":"12f6d11db45480cba1a7da64a6cb97c7","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["MDN Web Docs - Cross-Site Scripting (XSS): [https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting]("],["https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting",[["a","https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting"]]],[")"]],"updatedAt":1730248624281,"type":"bulleted_list"},"12f6d11db454805da761cb4e473bcdfa":{"id":"12f6d11db454805da761cb4e473bcdfa","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Puppeteer Documentation: [https://pptr.dev]("],["https://pptr.dev",[["a","https://pptr.dev/"]]],[")"]],"updatedAt":1730248624281,"type":"bulleted_list"},"12f6d11db45480e696ecf4ca3ba7bb1e":{"id":"12f6d11db45480e696ecf4ca3ba7bb1e","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["OWASP XSS Prevention Cheat Sheet: [https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html]("],["https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html",[["a","https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html"]]],[")"]],"updatedAt":1730248624281,"type":"bulleted_list"},"12f6d11db454806ebf22c41e9d3c876b":{"id":"12f6d11db454806ebf22c41e9d3c876b","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Proof of concept",[["b",null]]]],"updatedAt":1730248570389,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db45480388d4fd433d56532e5":{"id":"12f6d11db45480388d4fd433d56532e5","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["The following XSS payloads were tested, and the results are shown below:"]],"updatedAt":1730248570389,"type":"text"},"12f6d11db45480659a66ebb72d893afb":{"id":"12f6d11db45480659a66ebb72d893afb","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["Tested Pages:",[["b",null]]]],"updatedAt":1730248570389,"type":"text"},"12f6d11db45480b89c4be2cceb3442ca":{"id":"12f6d11db45480b89c4be2cceb3442ca","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["https://basin.exchange/",[["a","https://basin.exchange/"]]]],"updatedAt":1730248652259,"type":"bulleted_list"},"12f6d11db45480578b8cf339f6ec7e02":{"id":"12f6d11db45480578b8cf339f6ec7e02","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["https://basin.exchange/build",[["a","https://basin.exchange/build"]]]],"updatedAt":1730248652259,"type":"bulleted_list"},"12f6d11db45480b99b7ef4a58628adc4":{"id":"12f6d11db45480b99b7ef4a58628adc4","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["https://basin.exchange/build#/wells",[["a","https://basin.exchange/build#/wells"]]]],"updatedAt":1730248652259,"type":"bulleted_list"},"12f6d11db45480899658c9d2a473a608":{"id":"12f6d11db45480899658c9d2a473a608","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["https://basin.exchange/build#/swap",[["a","https://basin.exchange/build#/swap"]]]],"updatedAt":1730248652259,"type":"bulleted_list"},"12f6d11db4548013b458d6ced2b136e3":{"id":"12f6d11db4548013b458d6ced2b136e3","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["XSS Payloads Used:",[["b",null]]]],"updatedAt":1730248570389,"type":"heading","subType":"sub_sub_header","depth":3},"12f6d11db454800a8551ca913df2e1f2":{"id":"12f6d11db454800a8551ca913df2e1f2","children":[],"hasContent":false,"parentId":"12f6d11db4548090a468f7ebc5f414f2","title":[["1. \">

\n2. \">

Report #35905

XSS vulnerability on basin.exchange leads to potential session hijacking and unauthorized actions

BIC Response