When sending the following request to the server, the response reflects the body of the request unfiltered:
PUT /api/ingestion/event/batch HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Mon, 03 Feb 2020 14:28:35 GMT
Cannot deserialize value of type `java.lang.Long` from String
"<script>alert('XSS')<script>": not a valid Long value
nputStream); line: 1, column: 14] (through reference chain:
As can be seen, the Content-Type of the response is set to text/plain. As a result of this, the reflected
future, this vulnerability might be exploitable.
See 101908991_Report_Camunda_Pentest_Camunda_BPM_Plattform_+_Camunda_Optimize_v1.0.pdf for more information.
- There is an idea in place on how we can mitigate this problem.
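One way to implement such a mitigation on the server side, written here as an added example and not Camunda's own code: the error text quoted above is the default message of Jackson's InvalidFormatException, which embeds the rejected request value verbatim, so the fix is to stop that message from reaching the client and to answer with a response that names only the field, the expected type and the position in the body. The example assumes the endpoint is a JAX-RS resource deserialized by Jackson and that a JSON message body writer is registered (as in a Jersey + Jackson setup); the class name SafeJsonMappingExceptionMapper and the response field names are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

import com.fasterxml.jackson.core.JsonLocation;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.exc.InvalidFormatException;

/**
 * Added example (hypothetical class, not project code): a JAX-RS ExceptionMapper
 * that replaces Jackson's default deserialization error message, which repeats
 * the offending request value verbatim, with a response built only from
 * server-side information. The client-supplied string never reaches the response.
 */
@Provider
public class SafeJsonMappingExceptionMapper implements ExceptionMapper<JsonMappingException> {

  @Override
  public Response toResponse(JsonMappingException ex) {
    // Reference path of the offending field, e.g. com.example.EventDto["timestamp"].
    // It is derived from the server's class model, not from the request body.
    String field = ex.getPathReference();
    if (field == null || field.isEmpty()) {
      field = "unknown";
    }

    // Line/column inside the request body: helpful to a legitimate client and
    // purely numeric, so nothing attacker-controlled is echoed.
    JsonLocation loc = ex.getLocation();
    int line = (loc == null) ? -1 : loc.getLineNr();
    int column = (loc == null) ? -1 : loc.getColumnNr();

    // The expected Java type is part of the API contract and safe to disclose.
    // ex.getValue() on InvalidFormatException holds the client's string and is
    // deliberately never read here.
    String expectedType = "unknown";
    if (ex instanceof InvalidFormatException) {
      Class<?> target = ((InvalidFormatException) ex).getTargetType();
      if (target != null) {
        expectedType = target.getSimpleName();
      }
    }

    // Fixed wording plus server-derived fields only; no free-form exception text.
    Map<String, Object> body = new LinkedHashMap<>();
    body.put("error", "Request body could not be deserialized");
    body.put("field", field);
    body.put("expectedType", expectedType);
    body.put("line", line);
    body.put("column", column);

    return Response.status(Response.Status.BAD_REQUEST)
        // Explicit JSON content type, and nosniff so no browser is ever
        // tempted to interpret the body as HTML even if the type changes later.
        .type(MediaType.APPLICATION_JSON_TYPE)
        .header("X-Content-Type-Options", "nosniff")
        .entity(body)
        .build();
  }
}
```

The mapper also keeps the original server-side exception available for logging at the point where it is registered; what changes is only what the client receives. Retesting the PUT above after deploying it should show the `<script>` string absent from the response body and a `Content-Type: application/json` header in place of `text/plain`.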