Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability

Summary

Vulnerability Type: Stored Cross-site Scripting (XSS)
Affected Version: Snorby 2.6.2
Vendor: Snorby

Description

During research and testing of new intrusion detection systems (such as Suricata), I discovered a stored XSS vulnerability in Snorby's web user interface. The vulnerability exists in the module for adding new threat classification models. User input is not properly sanitized before being saved to the database, and the output in the event/menu code is not properly filtered, so the stored attack vector is executed when the page is rendered.

Vulnerability Details

The output in the file is not properly sanitized before rendering.

Mitigation

In Rails, simple XSS mitigation can be achieved using . For example, the following code filters XSS vectors by removing the attribute from image tags.

Solution

Update to the latest version available on GitHub.

Disclosure Timeline

2015-06-30: Vendor notification
2015-06-30: CVE ID requested
2015-07-01: Vendor acknowledgement
2015-07-01: Vendor pushed a fix

Credits

Federico Fazzi (federico.fazzi@gmail.com)
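The advisory's own code sample for the Mitigation section did not survive on this page. The following is an added illustration, not the advisory's or Snorby's code, of the defect and fix it describes: a stored classification name interpolated straight into HTML versus the same value escaped on output. It uses Ruby's standard-library ERB::Util.html_escape rather than the Rails helper the advisory refers to, so it runs outside Rails; the function names, the sample classification name and the check helper are all constructed for the example.

```ruby
require "erb"

# Constructed sample of a stored classification name that carries markup.
# It stands in for a value submitted through the "add classification" form.
SAMPLE_NAME = %q(Trojan Activity <img src="x" onerror="alert(1)">)

# Vulnerable pattern: the stored value is interpolated into the HTML fragment
# unchanged, so any tag or event-handler attribute inside it becomes live markup.
def render_row_unsafe(name)
  "<tr><td class=\"classification\">#{name}</td></tr>"
end

# Hardened pattern: escape on output so the browser treats the value as text.
# ERB::Util.html_escape encodes <, >, &, " and ' (it is the routine Rails applies
# through <%= %> when a string is not marked html_safe).
def render_row_safe(name)
  "<tr><td class=\"classification\">#{ERB::Util.html_escape(name)}</td></tr>"
end

# Review/test helper: does a rendered fragment still contain an un-escaped
# element with an inline event-handler attribute, or a script element?
def contains_active_markup?(html)
  html.match?(/<[a-z][^>]*\son[a-z]+\s*=/i) || html.match?(/<script\b/i)
end

if __FILE__ == $0
  puts render_row_unsafe(SAMPLE_NAME)   # tag survives: executes in the browser
  puts render_row_safe(SAMPLE_NAME)     # tag is rendered as visible text
end
```

Escaping on output is the right control for a field such as a classification name, which has no legitimate need for HTML; an allowlist sanitizer that strips dangerous attributes, as the advisory suggests, is the alternative when some markup must be preserved.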