We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

Cross-site Scripting (XSS) - Stored in volmarg/personal-management-system

Valid

Reported on

Jul 4th 2021

💥 BUG

XSS via issue-name

💥 IMPACT

xss allow to execute arbitary javascript in vicitm account

💥 STEP TO REPRODUCE

1. goto http://personal-management-system.pl/my-issues/pending and create a new issue .
During creation put bellow xss payload in name field and save it.
xss"'><img src=x onerror=alert()> Now whenever you visit http://personal-management-system.pl/my-issues/pending then xsss is executed .

💥 VIDEO

https://drive.google.com/file/d/1_uCpFemhsu1qKuxAofi8Gmeo4d8C5KVG/view?usp=sharing

ranjit-git modified the report
2 years ago
ranjit-git
2 years ago

Researcher

plz contact them via dwlodarczyk13@tlen.pl see https://github.com/Volmarg/personal-management-system/issues/64 for more info

We have contacted a member of the volmarg/personal-management-system team and are waiting to hear back 2 years ago
ranjit-git submitted a
patch
2 years ago
Z-Old
2 years ago

Admin

Hey ranjit, contacted maintainer again via email provided from Github issue. Let's wait to hear back.

volmarg/personal-management-system maintainer validated this vulnerability 2 years ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
volmarg/personal-management-system maintainer marked this as fixed with commit 83d6e8 2 years ago
ranjit-git has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation