Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq

Valid

Reported on

Jan 12th 2022


Description

chaskiq is an Open Source Messaging Platform for Marketing, Support & Sales. This package is vulnerable to XSS.

Proof of Concept

Imgur

Impact

This vulnerability is capable of stored XSS

We are processing your report and will contact the chaskiq team within 24 hours. 16 days ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md 15 days ago
Miguel
15 days ago

Maintainer


Hello, not sure how to reproduce the security issue, can you guide us?

Abdul muhaimin
15 days ago

Researcher


Hey, really sorry for that, my link got broken or something happened with Imgur.

Here is the gdrive for the PoC: https://drive.google.com/file/d/1bzuZZowCtn4yF5JoQwpJNQp1RzAFk6jL/view?usp=drivesdk

Thank you

Miguel
15 days ago

Maintainer


Thanks, Abdul, I will take care of this issue asap!

Abdul muhaimin modified their report
15 days ago
Miguel
15 days ago

Maintainer


How can we help you back?

Miguel Michelson Martinez validated this vulnerability 15 days ago
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
Abdul muhaimin
15 days ago

Researcher


Thank you <3

Miguel Michelson Martinez confirmed that a fix has been merged on 51768b 15 days ago
The fix bounty has been dropped
Miguel
14 days ago

Maintainer


Hey @admin, can you assign a CVE?

Jamie Slome
11 days ago

Admin


CVE assigned and published! 🎊