Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq

Valid

Reported on

Jan 12th 2022


Description

Chaskiq is an Open Source Messaging Platform for Marketing, Support & Sales. This package is vulnerable to XSS.

Proof of Concept

Imgur

Impact

This vulnerability is capable of stored XSS

We are processing your report and will contact the chaskiq team within 24 hours. 14 days ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md 13 days ago
Miguel
13 days ago

Maintainer


Hello, not sure how to reproduce the security issue, can you guide us?

Abdul muhaimin
13 days ago

Researcher


Hey, really sorry for that, my link got broken or something happened with Imgur.

Here is the gdrive for PoC: https://drive.google.com/file/d/1bzuZZowCtn4yF5JoQwpJNQp1RzAFk6jL/view?usp=drivesdk

Thank you

Miguel
13 days ago

Maintainer


Thanks, Abdul, I will take care of this issue asap!

Abdul muhaimin modified their report
13 days ago
Miguel
13 days ago

Maintainer


How can we help you back?

Miguel Michelson Martinez validated this vulnerability 13 days ago
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
Abdul muhaimin
13 days ago

Researcher


Thank you <3

Miguel Michelson Martinez confirmed that a fix has been merged on 51768b 13 days ago
The fix bounty has been dropped
Miguel
12 days ago

Maintainer


Hey @admin, can you assign a CVE?

Jamie Slome
9 days ago

Admin


CVE assigned and published! 🎊