XSS Stored - Content of tasks are not sanitize in infotelglpi/tasklists

Valid

Reported on

Oct 27th 2022


Description

If a user inject an XSS payload inside the content of a task. All users that visit the kanban will execute the corresponding XSS payload.

Proof of Concept

Create XSS in task content

XSS is executed

Impact

XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user’s session cookie, allowing an attacker to hijack the user’s session and take over the account. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, or modifying presentation of content. An XSS vulnerability allowing an attacker to modify a press release or news item could affect a company’s stock price or lessen consumer confidence. An XSS vulnerability on a pharmaceutical site could allow an attacker to modify dosage information resulting in an overdose. Source OWASP - Cross Site Scripting (XSS).

References

We are processing your report and will contact the infotelglpi/tasklists team within 24 hours. a month ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md a month ago
We have contacted a member of the infotelglpi/tasklists team and are waiting to hear back a month ago
infotelglpi/tasklists maintainer has acknowledged this report a month ago
infotelglpi/tasklists maintainer gave praise a month ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
infotelglpi/tasklists maintainer validated this vulnerability a month ago
xanhacks has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
infotelglpi/tasklists maintainer marked this as fixed in 2.0.3 with commit 4a1b30 a month ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
infotelglpi/tasklists maintainer published this vulnerability a month ago
to join this conversation