SYM_JSTS_0023 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
Passing untrusted user input directly to methods like compileScript, evaluate, navigate, or setDocumentContent in chrome-remote-interface can let attackers control sensitive actions. This exposes your application to security risks if input isn't properly validated or sanitized.
Impact
An attacker could exploit this to make your server send requests to internal or external systems (SSRF), potentially accessing private resources, leaking sensitive data, or launching further attacks from your infrastructure. This could lead to unauthorized access, data breaches, or disruption of services.