Appium Base Driver
Monthly
Reflected cross-site scripting in Appium's base-driver allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser on the Appium server origin. All Appium installations prior to 10.7.0 unconditionally expose three test routes whose `compileLodashTemplate` handler reflects unsanitized user-controlled inputs - the `throwError` query parameter, the `comments` POST field, and the `User-Agent` request header - directly into rendered HTML without output encoding. No public exploit has been identified at time of analysis, but the zero-authentication requirement and permanently-mounted test routes make any network-reachable Appium server an attack surface with no opt-out mechanism below the fix version.
Reflected cross-site scripting in Appium's base-driver allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser on the Appium server origin. All Appium installations prior to 10.7.0 unconditionally expose three test routes whose `compileLodashTemplate` handler reflects unsanitized user-controlled inputs - the `throwError` query parameter, the `comments` POST field, and the `User-Agent` request header - directly into rendered HTML without output encoding. No public exploit has been identified at time of analysis, but the zero-authentication requirement and permanently-mounted test routes make any network-reachable Appium server an attack surface with no opt-out mechanism below the fix version.