Stored XSS in Site Name in answerdev/answer

Valid

Reported on

Feb 8th 2023

Description

Stored Cross-site Scripting (XSS) vulnerability in Site name of answerdev/answer

Proof of Concept

  1. Log in then
  2. Admin ---> Setting ---> General
  3. Enter below payload at Site Name

For More Understanding please check POC: https://drive.google.com/file/d/13R6WhenB0wJZBL3Yy-XW0NZkrC0_iBlR/view?usp=sharing

// PoC.js
var payload = #"><img src=/ onerror=alert(722)>

Impact

The attacker can execute arbitrary javascript in the admin account using this XSS

We are processing your report and will contact the answerdev/answer team within 24 hours. 2 months ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 2 months ago
joyqi validated this vulnerability 24 days ago
Sanket Salavi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.6 with commit 9870ed 24 days ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability 24 days ago
to join this conversation