Beego patches severe XSS vulnerability in open source web framework

Submitted by Style Pass, 2021-09-23 11:30:09

Beego has patched a severe cross-site scripting (XSS) vulnerability that could lead to the compromise of a victim’s session or account.

Beego is an open source framework designed for building and developing applications in the Golang (Go) programming language, including RESTful APIs and backend systems.

The modular web framework includes features for code compilation, automated testing, and both the packing and deployment of Go builds. The Beego project is available on GitHub.

Last month, application security researcher Omri Inbar, who is also a member of the Checkmarx team, disclosed the XSS vulnerability to Beego.

Tracked as CVE-2021-39391, the bug, which has yet to be assigned a CVSS score, was found in the administration panel of Beego v2.0.1.

Speaking to The Daily Swig, Inbar said that when a user navigates to a page on a website managed by the framework, the request details – such as the requested URL and Method type – are then logged and stored on the ‘Request Statistics’ page in the administrator panel.
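Because the logged URL and method come from whoever sends the request, an admin page that displays them has to treat them as untrusted when rendering. The Go program below is an added example, not Beego's code and not a reproduction of the flaw: it renders the same constructed request record through `text/template` and `html/template` to show the difference in output. The `RequestStat` type, the row template and the sample URL are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	texttemplate "text/template"
)

// RequestStat is a hypothetical record of one logged request (not Beego's type).
type RequestStat struct {
	Method string
	URL    string
	Count  int
}

// Row markup shared by both renderers; only the template engine differs.
const rowTmpl = `{{range .}}<tr><td>{{.Method}}</td><td>{{.URL}}</td><td>{{.Count}}</td></tr>
{{end}}`

// renderUnsafe uses text/template, which copies stored values into the page verbatim.
func renderUnsafe(stats []RequestStat) (string, error) {
	t, err := texttemplate.New("stats").Parse(rowTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, stats)
	return buf.String(), err
}

// renderSafe uses html/template, which HTML-escapes values by context on output.
func renderSafe(stats []RequestStat) (string, error) {
	t, err := htmltemplate.New("stats").Parse(rowTmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, stats)
	return buf.String(), err
}

func main() {
	// Constructed sample: a logged URL that contains HTML markup characters.
	stats := []RequestStat{{Method: "GET", URL: "/items?q=<b>x</b>", Count: 3}}
	raw, _ := renderUnsafe(stats)
	escaped, _ := renderSafe(stats)
	fmt.Print("text/template:\n", raw, "html/template:\n", escaped)
}
```

With `html/template` the stored URL appears in the page as literal text, so markup in a request path cannot change the structure of the statistics table.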
