Cross-site Scripting (XSS) - Stored in knadh/listmonk
May 18th 2021
Stored xss via file upload
💥 STEP TO REPRODUCE
- From your account goto http://localhost:9000/campaigns/media and upload a image . Now change the filename to html file and put xss payload in the browser network tab. now forward the request .
- Now visit the uploaded file and see xss is executed