Cross-site Scripting (XSS) - Stored in volmarg/personal-management-system

Valid

Reported on

Jun 3rd 2021


✍️ Description

Stored xss

🕵️‍♂️ Proof of Concept

plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1vYCGJtEZrIihtpioiD25RPRaX5YnKJMN/view?usp=sharing

💥 Impact

xss attack

Jamie Slome
2 years ago

Admin


I have reached out to the maintainer via a GitHub Issue and we will await a response from them.

We have contacted a member of the volmarg/personal-management-system team and are waiting to hear back 2 years ago
2 years ago

I can confirm that - there was such issue, is fixed now.

volmarg/personal-management-system maintainer validated this vulnerability 2 years ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Jamie Slome marked this as fixed with commit b86145 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation