Store XSS in create tag in answerdev/answer


Reported on

Mar 16th 2023


Feature create tag permit attacker injection html tag and execute it.

Proof of Concept

1. Add question
2. Create tag with payload in description:

<img src=x onerror=alert(1) >

3. Post your question
4. Go to link http://<your domain>/tags/<id tag>/timeline  and click created. Payload executed.



Executing JavaScript in victim's session which leads to potential account takeover, perform actions as that user, ...

We are processing your report and will contact the answerdev/answer team within 24 hours. 2 months ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 2 months ago
joyqi validated this vulnerability 2 months ago
zoro2000 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.7 with commit c3743b 2 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability 2 months ago
to join this conversation