Executed Persistent stored XSS in cabot check settings, as well as the address field. As per CVEs present Stored XSS is a High Severity bug.
Proof of Concept
- setup cabot to reproduce the vulnerability
- create an account now login to the account
- Go to checks Create and navigate to http check, In the Endpoint column append a XSS payload. You can also create
- Now we can see a failed check now click run button in that checks
- XSS triggered we got output.
- If we try again the persistant XSS get triggered
Able to execute Persistent stored XSS payloads in cabot which can be used to capture user cookie.