AWS JavaScript S3 Explorer Vulnerable to XSS Attacks
CVE-2024-28823
Currently unrated
What is CVE-2024-28823?
A cross-site scripting vulnerability exists in Amazon's AWS JavaScript S3 Explorer version 1.0.0. The flaw arises when a malicious user crafts a specific S3 bucket name that is then processed by the index.html file. This can lead to execution of arbitrary scripts in the context of the user's browser, potentially compromising sensitive data and allowing unauthorized actions on behalf of the user. Proper input validation and sanitization practices are essential to mitigate this issue.
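One way to apply the input validation and output escaping described above to a bucket name before it reaches the page, as an added example that is not code from the S3 Explorer project. The function names are hypothetical, the inputs are constructed, and the pattern covers only a core subset of the S3 general purpose bucket naming rules.

```javascript
'use strict';

// Core subset of the S3 general purpose bucket naming rules (assumption:
// 3-63 characters, lowercase letters, digits, dots and hyphens, and the
// name starts and ends with a letter or digit).
const BUCKET_RE = /^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/;
const IPV4_RE = /^\d{1,3}(\.\d{1,3}){3}$/;

// Allow-list check: anything outside the naming rules is rejected outright.
function isValidBucketName(name) {
  if (typeof name !== 'string') return false;
  if (!BUCKET_RE.test(name)) return false;
  if (name.includes('..')) return false; // no adjacent periods
  if (IPV4_RE.test(name)) return false;  // must not be formatted as an IP address
  return true;
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical render helper: validate first, then escape anyway as defence
// in depth. In a browser, assigning the name to element.textContent instead
// of building markup avoids HTML parsing of the value altogether.
function renderBucketHeading(untrustedName) {
  if (!isValidBucketName(untrustedName)) {
    return '<h1>Invalid bucket name</h1>';
  }
  return `<h1>Bucket: ${escapeHtml(untrustedName)}</h1>`;
}

// Constructed sample inputs: one well-formed name, three that must be rejected.
const samples = ['my-logs.example', '<b onmouseover=x>', '192.168.0.1', 'a..b'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', renderBucketHeading(s));
}
```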