Reflected XSS on /editor_tools/module in microweber/microweber

Valid

Reported on Jun 17th 2022


Description

Reflected XSS with filter bypass on /editor_tools/module using type= parameter.

Proof of Concept

https://demo.microweber.org/demo/editor_tools/module?type="></div><script>alert("xss")</script>

The value of the "type" parameter is injected into the source code of the page at line 38. Because the value of the "type" parameter is not sanitized, it is possible to close the div tag with ' "></div> ' and then inject JavaScript code.

Impact

An attacker can execute arbitrary JavaScript code with the privileges of the victim user. This can be used for cookie stealing (account takeover), for example.
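
The injection described in this report, next to two server-side mitigations, as an added example (this is not microweber's code and not the merged fix). The div markup, the data-type attribute, the function names and the module-name allowlist pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical template fragment: the report only says "type" lands inside a
// <div> tag, so the data-type attribute and class names are assumptions.
function render_module_vulnerable(string $type): string
{
    // Raw interpolation: a double quote in $type ends the attribute value.
    return '<div class="module" data-type="' . $type . '"></div>';
}

// Output encoding for the HTML attribute context.
function render_module_encoded(string $type): string
{
    $safe = htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="module" data-type="' . $safe . '"></div>';
}

// Assumed allowlist: path-like module names such as "files/browser".
function is_valid_module_type(string $type): bool
{
    return preg_match('#\A[a-z0-9_]+(?:/[a-z0-9_]+)*\z#i', $type) === 1;
}

// Validate first, then still encode on output (defence in depth).
function render_module_hardened(string $type): string
{
    if (!is_valid_module_type($type)) {
        return '<div class="module-error">Invalid module type</div>';
    }
    return render_module_encoded($type);
}

// "type" value from the report's proof of concept, after URL decoding,
// plus one constructed benign value.
$samples = ['files/browser', '"></div><script>alert("xss")</script>'];
$renderers = ['render_module_vulnerable', 'render_module_encoded', 'render_module_hardened'];

foreach ($samples as $type) {
    echo "type = {$type}\n";
    foreach ($renderers as $render) {
        $html = $render($type);
        $state = strpos($html, '<script') !== false ? 'LIVE SCRIPT TAG' : 'inert';
        printf("  %-26s %-16s %s\n", $render, $state, $html);
    }
}
```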

We are processing your report and will contact the microweber team within 24 hours. (9 days ago)
We have contacted a member of the microweber team and are waiting to hear back. (7 days ago)
Peter Ivanov validated this vulnerability. (6 days ago)
jhond0e has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
The researcher's credibility has increased: +7
Peter Ivanov confirmed that a fix has been merged on dbd37d. (6 days ago)
Peter Ivanov has been awarded the fix bounty.