Cross-site Scripting (XSS) - Generic in mailtrain-org/mailtrain

Valid

Reported on

Apr 19th 2021


✍️ Description

Stored XSS via campaign file upload.

🕵️‍♂️ Proof of Concept

  1. First, go to http://localhost:3000/campaigns and open a campaign.
  2. Now, in Linux, create a file with the name below.
  3. Now upload the created file to the above campaign at http://localhost:3000/campaigns/1/files and see that the XSS is executed.

fileName --> xss"'><img src=x onerror=alert(document.domain)>.svg

VIDEO POC--->

https://drive.google.com/file/d/1d11lAACxOSolkV-fB3mLB1k4CLJoNq7Q/view?usp=sharing

💥 Impact

XSS attack
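
The report does not show where the uploaded file name is rendered. Assuming it reaches the campaign file list as unencoded HTML, the following added example (not part of the original report and not Mailtrain's code; all function and field names are hypothetical) contrasts that rendering with output encoding and upload-time name normalization, using the file name from the report as input.

```javascript
// Added example: function and field names are hypothetical, not Mailtrain's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can end an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the client-supplied name is concatenated into markup as-is.
function renderFileRowUnsafe(file) {
  return `<td title="${file.originalName}">${file.originalName}</td>`;
}

// Hardened pattern: the name is encoded at every point where it enters HTML.
function renderFileRowSafe(file) {
  const name = escapeHtml(file.originalName);
  return `<td title="${name}">${name}</td>`;
}

// Defence in depth at upload time: keep only an allow-listed stem and extension.
function normalizeUploadName(originalName) {
  const base = String(originalName).split(/[\\/]/).pop(); // drop any path part
  const dot = base.lastIndexOf('.');
  const rawExt = dot > 0 ? base.slice(dot + 1).toLowerCase() : '';
  const ext = /^[a-z0-9]{1,10}$/.test(rawExt) ? '.' + rawExt : '';
  const stem = (dot > 0 ? base.slice(0, dot) : base)
    .replace(/[^A-Za-z0-9._-]+/g, '_')
    .replace(/^[._]+/, '')
    .slice(0, 100) || 'file';
  return stem + ext;
}

// The file name from the report, used as sample input.
const REPORTED_NAME = `xss"'><img src=x onerror=alert(document.domain)>.svg`;
const sample = { id: 1, originalName: REPORTED_NAME };

console.log(renderFileRowUnsafe(sample)); // markup contains a live <img> element
console.log(renderFileRowSafe(sample));   // name appears only as encoded text
console.log(normalizeUploadName(REPORTED_NAME));
```

Encoding at output is the primary fix; normalizing the stored name only reduces what later consumers of that name have to handle.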

Tomas Bures
8 months ago

Good catch. Thank you. I'll take a look at it.