xss vi filename in neorazorx/facturascripts


Reported on

May 13th 2022


xss using filename

Proof of Concept

1. First download this file https://github.com/ranjit-git/poc/blob/master/xss%22'%3E%3Cimg%20src%3Dx%20onerror%3Dalert(123)%3E.jpeg in your system . Dont change the filename .
Filename like xss"'><img src=x onerror=alert(123)>.jpeg will be created in linux system . In windows its not possible .
2. upload this file to https://localhost/ListAttachedFile and save it . Now xss is executed .
Whenever any user tru to view this file then xss is executed


xss used to still victim cookie

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours. a year ago
We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back a year ago
Carlos Garcia
a year ago


I was unable to reproduce the error. The file is moved to the MyFiles folder by replacing the original name with an id, and the original name is stored in the database with the html escaped.


We have sent a follow up to the neorazorx/facturascripts team. We will try again in 7 days. a year ago
a year ago


Carlos Garcia validated this vulnerability a year ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carlos Garcia
a year ago


Thank you very much for the demonstration. I have fixed the bug and added a test to avoid regressions.

Carlos Garcia marked this as fixed in 2022.08 with commit 7882db a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation