stored xss in kromitgmbh/titra
Jun 8th 2022
Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application.
Proof of Concept
1)Go to this website: https://titra.io/
2)Click on add Track button
3)In the Task field enter the payload: <svg onload=alert('XSSPOSED')>"><h1/onmouseover='alert(/Xssposed/)'>XSSPOSED click save
4)Now Click on Details
- XSS will be triggered
This allows the attacker to execute malicious scripts in all the project members' browsers and it can lead to session hijacking, sensitive data exposure, and worse.