Cross-site Scripting (XSS) - Stored in volmarg/personal-management-system

Valid

Reported on

Jul 4th 2021


💥 BUG

XSS via issue-name

💥 IMPACT

The XSS allows execution of arbitrary JavaScript in the victim's account.

💥 STEPS TO REPRODUCE

1. Go to http://personal-management-system.pl/my-issues/pending and create a new issue.
2. During creation, put the XSS payload below in the name field and save it:
xss"'><img src=x onerror=alert()>
3. Now whenever you visit http://personal-management-system.pl/my-issues/pending, the XSS is executed.

💥 VIDEO

https://drive.google.com/file/d/1_uCpFemhsu1qKuxAofi8Gmeo4d8C5KVG/view?usp=sharing
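The report above describes a stored XSS: the issue name is saved as typed and later written into the pending-issues page without encoding. The following is an added example and not code from the report or from the personal-management-system project. It is a stand-alone Python model of the rendering step: one function interpolates the stored name the way the vulnerable page behaves, the other escapes it for both the attribute and the text context, and a small scan shows how to find issue rows whose stored names already carry markup after the fix is deployed. The row template, the field names and the sample issue rows are constructed for the example; the only value taken from the page is the reported payload, used as the test input.

```python
"""Added example (not from the huntr report or the project): HTML-escaping
the stored issue name before rendering, plus a scan for rows that already
hold markup. Constructed template and data; only the payload is from the report."""
import html
import re

# Payload quoted in the report above, used here only as the test input.
REPORTED_PAYLOAD = 'xss"\'><img src=x onerror=alert()>'

# Constructed stand-in for the issue-list row; the project's real template differs.
TEMPLATE_TAG_COUNT = 4  # <tr>, <td>, </td>, </tr>


def render_issue_row_vulnerable(name: str) -> str:
    """Interpolates the stored name unescaped into attribute and text context.
    This is the rendering pattern behind the reported stored XSS: a quote in
    the name closes the title attribute and a '<' starts a new tag."""
    return f'<tr><td class="issue-name" title="{name}">{name}</td></tr>'


def render_issue_row_safe(name: str) -> str:
    """Escapes the name once for both contexts. html.escape(quote=True)
    encodes &, <, >, " and ', so the value can neither break out of the
    double-quoted attribute nor introduce an element into the table cell."""
    escaped = html.escape(name, quote=True)
    return f'<tr><td class="issue-name" title="{escaped}">{escaped}</td></tr>'


TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def injected_markup_present(rendered: str) -> bool:
    """Detection check for the rendered row: the template contributes exactly
    TEMPLATE_TAG_COUNT tags, so any additional tag came from the stored value."""
    return len(TAG_RE.findall(rendered)) > TEMPLATE_TAG_COUNT


# Constructed sample of stored issue rows (not data from the project).
SAMPLE_ISSUES = [
    {"id": 1, "name": "Renew car insurance"},
    {"id": 2, "name": REPORTED_PAYLOAD},
    {"id": 3, "name": "Budget > 500 EUR? ask Tom & Anna"},
]

# Start of an HTML tag, closing tag or comment/doctype; a bare '>' or '&' is data.
MARKUP_RE = re.compile(r"<\s*/?[a-zA-Z!]")


def find_stored_markup(issues):
    """Returns the ids of rows whose stored name begins an HTML tag. Names that
    merely contain '>' or '&' (row 3) are legitimate text and are not flagged,
    so a post-fix clean-up can be limited to rows that really carry markup."""
    return [row["id"] for row in issues if MARKUP_RE.search(row["name"])]


if __name__ == "__main__":
    for row in SAMPLE_ISSUES:
        vulnerable = render_issue_row_vulnerable(row["name"])
        safe = render_issue_row_safe(row["name"])
        print(row["id"], "vulnerable:", injected_markup_present(vulnerable),
              "| safe:", injected_markup_present(safe))
    print("rows needing review:", find_stored_markup(SAMPLE_ISSUES))
```

Escaping at render time is the fix that closes the bug for every stored value, including ones saved before the patch; the scan is only there to find and review names that already contain markup, since a name with a stray ">" or "&" is ordinary data and should not be rejected.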

ranjit-git modified the report
a year ago
ranjit-git
a year ago

Researcher


Please contact them via dwlodarczyk13@tlen.pl; see https://github.com/Volmarg/personal-management-system/issues/64 for more info.

We have contacted a member of the volmarg/personal-management-system team and are waiting to hear back a year ago
ranjit-git submitted a
a year ago
Z-Old
a year ago

Admin


Hey ranjit, contacted the maintainer again via the email provided in the GitHub issue. Let's wait to hear back.

A volmarg/personal-management-system maintainer validated this vulnerability a year ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
A volmarg/personal-management-system maintainer confirmed that a fix has been merged on 83d6e8 a year ago
ranjit-git has been awarded the fix bounty