Multiple Stored XSS in filamentphp/filament


Reported on

Jul 3rd 2022

✍️ Description

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing.

Proof of Concept

Check this video for POC: Video


This can allow attackers to execute arbitrary JavaScript code in different contexts for different purposes (eg: a malicious attacker could potentially steal the victim's session cookies and completely takeover their accounts).

Ways to exploit:

1- This vulnerability is already affecting other repositories using the markdown for user input's

2- the Markdown editor is associated with user inputs like "author, post, ..." (eg: a malicious "author" could exploit this cross site scripting vulnerability to takeover the admin account"

We are processing your report and will contact the filamentphp/filament team within 24 hours. a year ago
We have contacted a member of the filamentphp/filament team and are waiting to hear back a year ago
filamentphp/filament maintainer
a year ago


This issue was fixed yesterday after a report from the creator of Ploi Roadmap. @admin how should I resolve this ticket, does he get a bounty?

Jamie Slome
a year ago


It is funny, because @0x7zed reported this to Ploi Roadmap, and as a result, I imagine the maintainer got in touch with you 😂

I think @0x7zed deserves the bounty and for the report to be marked as valid, AS LONG AS you believe this to be a valid vulnerability, deserving a fix.

Let me know your thoughts on the above :)

filamentphp/filament maintainer modified the Severity from High to Low a year ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
filamentphp/filament maintainer validated this vulnerability a year ago
0x7zed has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
filamentphp/filament maintainer marked this as fixed in 2.13.21 with commit 2d2c95 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
MarkdownEditor.php#L1-L30 has been validated
filamentphp/filament maintainer gave praise a year ago
Thank you
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
to join this conversation