1 min read

XSS Vulnerability in Nginx Proxy Manager (NPM) <= v2.9.16

XSS Vulnerability in Nginx Proxy Manager (NPM) <= v2.9.16
Photo by Hacker Noon / Unsplash

A cross-site scripting (XSS) vulnerability in Nginx Proxy Manager <= v2.9.16 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. The domain input field of proxy or redirection hosts lacks input validation and allows an attacker to store malicious code in the underlying database. If such a proxy or redirection host is deleted, the specified payload of the attacker will be executed in the victim's browser.

Nginx Proxy Manager (NPM) is a reverse proxy management system running on Docker. NPM is based on an Nginx web server and provides users with a clean, efficient, and beautiful web interface for easier management. Nginx Proxy Manager enables you to easily forward to your websites running at home or otherwise, including free SSL, without having to know too much about Nginx or Letsencrypt.

Source: https://linuxhint.com/use-nginx-proxy-manager
CVE -CVE-2022-28379
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.