Apr 19th 2021
Stored XSS via Giving
🕵️♂️ Proof of Concept
- There is a group called testing2. User A and user B are both members of that group.
- User B (user 2) goes to http://user-xx:8000/app/contributions, opens the contributions of the above group, and adds a Giving with the XSS payload below:
xss"'><img src=x onerror=alert(document.domain)>
- The XSS now executes in user A's account.
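The following is an added example, not code from the reported application: it shows the rendering pattern that makes a stored payload like the one above execute for other group members, next to an output-encoded version. The function names are hypothetical, and it assumes the Giving name is interpolated into HTML when the contributions page is rendered.

```javascript
// Added illustration; function names are hypothetical, not the application's code.

// Payload from the report, stored as the Giving name by user B.
const REPORTED_PAYLOAD = `xss"'><img src=x onerror=alert(document.domain)>`;

// Encode the five characters that can change HTML parsing context
// in element content and in quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so it breaks out of the attribute and injects its own <img> element.
function renderGivingUnsafe(name) {
  return `<li class="giving" title="${name}">${name}</li>`;
}

// Hardened pattern: encode at output time, so every viewer of the group
// receives the payload as inert text.
function renderGivingSafe(name) {
  const safe = escapeHtml(name);
  return `<li class="giving" title="${safe}">${safe}</li>`;
}

// Regression check: count opening tags in the rendered markup.
// Only the single <li> wrapper should be present.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

console.log("unsafe tags:", countOpeningTags(renderGivingUnsafe(REPORTED_PAYLOAD)));
console.log("safe tags:  ", countOpeningTags(renderGivingSafe(REPORTED_PAYLOAD)));
console.log(renderGivingSafe(REPORTED_PAYLOAD));
```

A check like `countOpeningTags` can sit in a unit test for the contributions template so that a later change that drops the encoding fails the build.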