Stored XSS in profile settings in namelessmc/nameless
Jul 2nd 2022
Stored XSS via "Website" box in Profile Settings.
Proof of Concept
Go to profile settings and put the following payload in the "Website" box:
google.com"><img src=x onerror=alert(document.domain)>
Save, and see the XSS triggered!
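
The pattern behind this report and its fix, as an added example rather than NamelessMC's own code. The function names are hypothetical, and it assumes the stored "Website" value is rendered inside a double-quoted HTML attribute, which the `">` at the start of the payload suggests.

```php
<?php
declare(strict_types=1);

// Constructed sample input: the value from the report's "Website" box.
$submitted = 'google.com"><img src=x onerror=alert(document.domain)>';

// Hypothetical helper (assumption, not project code): on save, accept only
// absolute http(s) URLs.
function normalize_website(string $input): ?string
{
    $input = trim($input);
    if ($input === '' || filter_var($input, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($input, PHP_URL_SCHEME));
    // Rejects javascript:, data: and other schemes that are unsafe in href.
    return in_array($scheme, ['http', 'https'], true) ? $input : null;
}

// Hypothetical helper: escape a value for HTML attribute or text context.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into the markup, so a
// double quote in it ends the attribute and the rest is parsed as HTML.
function render_unsafe(string $website): string
{
    return '<a href="' . $website . '">' . $website . '</a>';
}

// Hardened pattern: every interpolation is escaped at render time, so quotes
// and angle brackets reach the browser as entities, not markup.
function render_safe(string $website): string
{
    return '<a href="' . attr($website) . '">' . attr($website) . '</a>';
}

echo render_unsafe($submitted), PHP_EOL;
echo render_safe($submitted), PHP_EOL;

// The report's payload has no scheme, so the save-time check refuses it.
var_dump(normalize_website($submitted));
var_dump(normalize_website('https://example.com/'));
```

Escaping at render time is what closes the attribute breakout. The save-time check is defence in depth, since a syntactically valid URL may still carry quote characters in its path or query.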