VYPR
Moderate severity · NVD Advisory · Published Dec 17, 2018 · Updated Aug 5, 2024

CVE-2017-18352

Description

Reflected XSS in Rendertron 1.0.0 due to unsanitized error reporting from invalid URLs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Rendertron 1.0.0 contains a reflected Cross-Site Scripting (XSS) vulnerability in its error reporting mechanism. When the application receives an invalid URL, the error message echoes the URL back in the response without proper sanitization, allowing injection of arbitrary HTML and JavaScript. The issue is present in version 1.0.0 as confirmed by the official description and references [1][3].

Exploitation

An attacker can craft a malicious URL containing a JavaScript payload, such as ``, and trick a victim into clicking it. When Rendertron processes this URL, the error page reflects the payload in the browser, executing the script in the context of the victim's session. No authentication or special network position is required; the attack only requires the victim to access the crafted link via a browser that interacts with the Rendertron service [3].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser, leading to potential theft of cookies, session tokens, or other sensitive data. The attacker can also perform actions on behalf of the victim within the context of the Rendertron application, potentially compromising user accounts or gaining unauthorized access [3].

Mitigation

The vulnerability was addressed in pull request #88 [4], which introduced input validation and error sanitization. However, the Rendertron project is now deprecated and no longer actively maintained [1]. Users are advised to migrate to alternative rendering solutions and apply the fix from the referenced pull request if still using Rendertron.
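
The unsanitized error echo described under Vulnerability, next to the two controls named above (input validation and error sanitization), as an added example that is not Rendertron's code or the contents of pull request #88. The function names, the http/https allowlist, the 200-character cap and the sample input are assumptions constructed for illustration.

```javascript
// Added illustration: hypothetical handlers, not Rendertron's source.
// SAMPLE_INPUT is constructed; its markup is an inert <b> element.
const SAMPLE_INPUT = 'not-a-url"><b>injected</b>';

// Input validation: accept only absolute http(s) URLs (assumed policy).
function parseRenderTarget(rawUrl) {
  let parsed;
  try {
    parsed = new URL(rawUrl); // throws TypeError on unparseable input
  } catch (err) {
    return null;
  }
  return ['http:', 'https:'].includes(parsed.protocol) ? parsed : null;
}

// Vulnerable pattern: the rejected value is concatenated into HTML as-is.
function errorPageUnsafe(rawUrl) {
  return {
    status: 400,
    headers: {'Content-Type': 'text/html; charset=utf-8'},
    body: `<p>Invalid URL: ${rawUrl}</p>`,
  };
}

// Error sanitization: encode every character that can leave a text or
// quoted-attribute context before the value reaches the response body.
const HTML_ENTITIES = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened error page: escaped, length-capped echo plus nosniff.
function errorPageSafe(rawUrl) {
  const shown = escapeHtml(String(rawUrl).slice(0, 200));
  return {
    status: 400,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: `<p>Invalid URL: ${shown}</p>`,
  };
}

// Route a request: valid targets go on to rendering (out of scope here, so
// a plain-text acknowledgement), everything else gets the chosen error page.
function respond(rawUrl, errorPage) {
  const target = parseRenderTarget(rawUrl);
  if (target === null) return errorPage(rawUrl);
  return {
    status: 200,
    headers: {'Content-Type': 'text/plain; charset=utf-8'},
    body: `render ${target.href}`,
  };
}

console.log(respond(SAMPLE_INPUT, errorPageUnsafe).body);
console.log(respond(SAMPLE_INPUT, errorPageSafe).body);
```

The two printed bodies differ only in whether the `<b>` element survives as markup, which is the property a regression test for this class of bug should assert on.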

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: rendertron (npm)
Affected versions: < 1.1.0
Patched versions: 1.1.0

Affected products

1

Patches

1
8d70628c96ae

copyright headers (#72)

https://github.com/GoogleChrome/rendertron · Sam Thorogood · Aug 23, 2017 · via ghsa
20 files changed · +309 0
  • middleware/src/middleware.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     'use strict';
     
     const request = require('request');
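
Review bot: nothing in the lines added above 'use strict' in middleware/src/middleware.js validates a URL or escapes error output; the additions are only the Apache 2.0 comment block, and the commit summary reads "20 files changed · +309 0". If this commit is being tracked as the patch for the reflected XSS, that link should be corrected to the change that sanitizes the error message (the advisory text cites pull request #88), and this one described as a licensing change only.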
    
  • middleware/test/middleware-test.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     'use strict';
     
     const express = require('express');
    
  • src/cache.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     'use strict';
     
     const datastore = require('@google-cloud/datastore')();
    
  • src/index.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <!doctype html>
     <html lang="en">
       <head>
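
Review bot: in src/index.html the license comment is placed above `<!doctype html>`, so the doctype is no longer the first thing in the served file. Suggest moving the comment to just below the doctype line; the HTML syntax allows a leading comment, but older Internet Explorer versions are known to fall back to quirks mode when anything precedes the doctype, and keeping it first avoids the question.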
    
  • src/main.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     'use strict';
     
     const assert = require('assert');
    
  • src/renderer.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     'use strict';
     
     const CDP = require('chrome-remote-interface');
    
  • test/app-test.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     'use strict';
     
     const request = require('supertest');
    
  • test/cache-test.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     'use strict';
     
     const test = require('ava');
    
  • test/resources/basic-script.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <script>
       var element = document.createElement('title');
       element.textContent = 'document' + '-title';
    
  • test/resources/custom-element.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <script>
       class MyElement extends HTMLElement {
         constructor() {
    
  • test/resources/explicit-render-event.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <script>
       setTimeout(() => {
         document.body.textContent = 'async loaded';
    
  • test/resources/http-meta-status-code.html+15 0 modified
    @@ -1 +1,16 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <meta name="render:status_code" content="400">
    \ No newline at end of file
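
Review bot: the "\ No newline at end of file" marker still follows the `<meta name="render:status_code" content="400">` line, so this file is edited without gaining a trailing newline; the same marker appears in http-meta-status-code-multiple.html and inject-element.js. Since the commit already touches all three files, add the final newline in each so later diffs do not show the last line as changed.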
    
  • test/resources/http-meta-status-code-multiple.html+15 0 modified
    @@ -1,2 +1,17 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <meta name="render:status_code" content="401">
     <meta name="render:status_code" content="402">
    \ No newline at end of file
    
  • test/resources/include-script.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <script src="inject-element-after-load.js"></script>
     <link rel="import" href="custom-element.html">
     <custom-element></custom-element>
    
  • test/resources/inject-element-after-load.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     window.onload = function() {
       var element = document.createElement('div');
       element.textContent = 'injected' + 'Element';
    
  • test/resources/inject-element.js+16 0 modified
    @@ -1,3 +1,19 @@
    +/*
    + * Copyright 2017 Google Inc. All rights reserved.
    + *
    + * Licensed under the Apache License, Version 2.0 (the "License"); you may not
    + * use this file except in compliance with the License. You may obtain a copy of
    + * the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    + * License for the specific language governing permissions and limitations under
    + * the License.
    + */
    +
     var element = document.createElement('div');
     element.textContent = 'injectedElement';
     document.body.appendChild(element);
    \ No newline at end of file
    
  • test/resources/script-after-load.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <script>
     window.onload = function() {
       var script = document.createElement('script');
    
  • test/resources/shadow-dom-no-polyfill.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <my-element></my-element>
     <script>
       class MyElement extends HTMLElement {
    
  • test/resources/shadow-dom-polyfill-all.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <script src="node_modules/@webcomponents/webcomponentsjs/webcomponents-lite.js"></script>
     <my-element></my-element>
     <script>
    
  • test/resources/shadow-dom-polyfill-loader.html+15 0 modified
    @@ -1,3 +1,18 @@
    +<!--
    +Copyright 2017 Google Inc. All rights reserved.
    +
    +Licensed under the Apache License, Version 2.0 (the "License"); you may not
    +use this file except in compliance with the License. You may obtain a copy of
    +the License at
    +
    +    http://www.apache.org/licenses/LICENSE-2.0
    +
    +Unless required by applicable law or agreed to in writing, software
    +distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    +WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    +License for the specific language governing permissions and limitations under
    +the License.
    +-->
     <script src="node_modules/@webcomponents/webcomponentsjs/webcomponents-loader.js"></script>
     <my-element></my-element>
     <script>
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5
