Stored HTML Injection via Company Name in alextselegidis/easyappointments

Valid

Reported on

Mar 8th 2023


Description

easyappointments has an HTML injection vulnerability in the Company Name field on the "/index.php/backend/settings" page.

Steps:

  1. Log in as admin.
  2. Go to the /index.php/backend/settings page.
  3. Insert the payload in the Company Name field.
  4. Go back to the home page and see the result.

Proof of Concept

//Payload
------><a href="https://google.com"> CLICKHERE</a> <------

I hope I was helpful.

Impact

*. A stored HTML injection attack occurs when an attacker injects malicious HTML code into legitimate HTML code of a web application.

*. This vulnerability can lead to various types of attacks, including open redirects, phishing attempts, and browser hijacking.

*. Additionally, an attacker can gain access to the victim's IP address, latitude and longitude, and potentially carry out a camera phishing attack.

*. Overall, a stored HTML injection vulnerability can have severe consequences and it is important to prevent and mitigate this type of attack.
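The usual mitigation for this class of bug is to HTML-encode the stored value at the point where it is written into the page. The PHP below is an added example, not easyappointments code and not the change made in the fix commit; the `$settings` array and the `render_header_*`, `e` and `count_links` helpers are hypothetical, and the sample value is the payload from the proof of concept above.

```php
<?php
// Added example: a stored setting rendered without and with output encoding.
// All names here are hypothetical; this is not the project's code.

// Constructed sample: the Company Name value from the report's proof of concept.
$settings = [
    'company_name' => '------><a href="https://google.com"> CLICKHERE</a> <------',
];

// Before: the stored value is concatenated into the markup unchanged, so the
// browser parses the <a> element as part of the page.
function render_header_unescaped(array $settings): string
{
    return '<h1 id="company-name">' . $settings['company_name'] . '</h1>';
}

// Encode for the HTML context at output time. ENT_QUOTES also encodes single
// quotes, which matters if the value is ever placed inside an attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: the same value is displayed as literal text.
function render_header_escaped(array $settings): string
{
    return '<h1 id="company-name">' . e($settings['company_name']) . '</h1>';
}

// Regression check: parse the output the way a browser would and count the
// anchor elements that end up in the DOM.
function count_links(string $html): int
{
    libxml_use_internal_errors(true); // tolerate fragment-level parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('a')->length;
}

echo 'links in unescaped header: ', count_links(render_header_unescaped($settings)), PHP_EOL;
echo 'links in escaped header:   ', count_links(render_header_escaped($settings)), PHP_EOL;
echo render_header_escaped($settings), PHP_EOL;
```

Encoding belongs at every place the setting is output rather than only where it is saved, since the same stored value can reach several templates.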

References

We are processing your report and will contact the alextselegidis/easyappointments team within 24 hours. 14 days ago
We have contacted a member of the alextselegidis/easyappointments team and are waiting to hear back 13 days ago
Alex Tselegidis validated this vulnerability 10 days ago
Hakiduck has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Alex Tselegidis marked this as fixed in 1.5.0 with commit 453c6e 10 days ago
Alex Tselegidis has been awarded the fix bounty
This vulnerability has been assigned a CVE
Alex Tselegidis published this vulnerability 10 days ago