stored xss in kromitgmbh/titra
Valid
Reported on
Jun 8th 2022
Description
Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application.
Proof of Concept
1)Go to this website: https://titra.io/
2)Click on add Track button
3)In the Task field enter the payload: <svg onload=alert('XSSPOSED')>"><h1/onmouseover='alert(/Xssposed/)'>XSSPOSED click save
4)Now Click on Details
- XSS will be triggered
poc
https://drive.google.com/file/d/19yEv7u7CbQZXyx9n96YVX8CGO0YalW2P/view?usp=sharing
Impact
This allows the attacker to execute malicious scripts in all the project members' browsers and it can lead to session hijacking, sensitive data exposure, and worse.
We are processing your report and will contact the
kromitgmbh/titra
team within 24 hours.
a year ago
We have contacted a member of the
kromitgmbh/titra
team and are waiting to hear back
a year ago
The researcher's credibility has increased: +7
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation