stored xss in kromitgmbh/titra
Valid
Reported on
Jun 8th 2022
Description
Stored XSS, also known as persistent XSS, is the more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application.
Proof of Concept
1)Go to this website: https://titra.io/
2)Click on add Track button
3)In the Task field enter the payload: <svg onload=alert('XSSPOSED')>"><h1/onmouseover='alert(/Xssposed/)'>XSSPOSED click save
4)Now Click on Details
- XSS will be triggered
poc
https://drive.google.com/file/d/19yEv7u7CbQZXyx9n96YVX8CGO0YalW2P/view?usp=sharing
Impact
This allows the attacker to execute malicious scripts in all the project members' browsers and it can lead to session hijacking, sensitive data exposure, and worse.
We are processing your report and will contact the
kromitgmbh/titra
team within 24 hours.
18 days ago
We have contacted a member of the
kromitgmbh/titra
team and are waiting to hear back
17 days ago
The researcher's credibility has increased: +7
The fix bounty has been dropped
to join this conversation