Cross-site Scripting (XSS) - Stored in francoisjacquet/rosariosis

Valid

Reported on

Apr 23rd 2022

Description

he software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Proof of Concept

  • login as an admin
  • go to https://www.rosariosis.org/demonstration/Modules.php?modname=School_Setup/PortalNotes.php
  • paste payload <iframe srcdoc="<svg onload=alert(1);>"> to notes
  • observe alert pop up

Impact

Every user visiting the page can be affected by malicious javascript code created by the attacker.

We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. a year ago
intrapus modified the report
a year ago
intrapus modified the report
a year ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back a year ago
François Jacquet validated this vulnerability a year ago
intrapus has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet marked this as fixed in 9.0 with commit 7ded1e a year ago
François Jacquet has been awarded the fix bounty
This vulnerability will not receive a CVE
PortalNotes.php#L55-L180 has been validated
to join this conversation