Multiple Stored XSS in filamentphp/filament
Jul 3rd 2022
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw. It occurs when data provided by the attacker is saved by the server and then permanently displayed on "normal" pages returned to other users in the course of regular browsing.
Proof of Concept
Check this video for POC: Video
Ways to exploit:
1- This vulnerability already affects other repositories that use Markdown for user input.
2- The Markdown editor is associated with user inputs like "author, post, ..." (e.g. a malicious "author" could exploit this cross-site scripting vulnerability to take over the admin account).
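A defensive rendering check for Markdown-backed fields such as "author" or "post", added here as an example and not taken from the report or from Filament's code. It assumes the stored Markdown is rendered server-side with league/commonmark 2.x (the library behind Laravel's `Str::markdown()`) on PHP 8; the function name `renderUserMarkdown` and the sample input are constructed for illustration.

```php
<?php
// Added example, not Filament's code.
// Assumes: PHP 8 and `composer require league/commonmark` (2.x).
require __DIR__ . '/vendor/autoload.php';

use League\CommonMark\CommonMarkConverter;

/**
 * Render user-supplied Markdown (an author bio, a post body) for display.
 * $hardened = false reproduces the library defaults, which pass raw HTML
 * and any link scheme straight through to the page.
 */
function renderUserMarkdown(string $markdown, bool $hardened = true): string
{
    $config = $hardened
        ? ['html_input' => 'escape', 'allow_unsafe_links' => false]
        : ['html_input' => 'allow',  'allow_unsafe_links' => true];

    return (string) (new CommonMarkConverter($config))->convert($markdown);
}

// Constructed sample of a stored "author" value; not from the report.
$stored = "**Jane**\n\n<script>alert(1)</script>\n\n[site](javascript:alert(1))";

foreach (['default' => false, 'hardened' => true] as $label => $hardened) {
    $html = renderUserMarkdown($stored, $hardened);

    // Report whether active content survived rendering.
    printf(
        "%-8s raw <script>: %s, javascript: link: %s\n",
        $label,
        str_contains($html, '<script>') ? 'present' : 'neutralised',
        str_contains($html, 'javascript:') ? 'present' : 'neutralised'
    );

    // Fail loudly if the hardened path ever lets active content through,
    // so the check can run as a regression test.
    if ($hardened && (str_contains($html, '<script>') || str_contains($html, 'javascript:'))) {
        throw new RuntimeException('Hardened Markdown rendering emitted active content');
    }
}
```

If the rendered HTML is inserted into a Blade template with `{!! !!}`, the output of this function is the only barrier between stored input and the admin's browser, so the hardened configuration has to be applied at every place the field is displayed.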