Stored XSS in create tag in answerdev/answer

Valid

Reported on

Mar 16th 2023


Description

The create-tag feature allows an attacker to inject HTML into the tag description. The description is rendered without escaping, so any markup, including event-handler attributes, is interpreted by the browser and executes in the session of every user who views it.

Proof of Concept

1. Add question
2. Create tag with payload in description:

<img src=x onerror=alert(1) >

3. Post your question
4. Open http://<your domain>/tags/<id tag>/timeline and click the "created" entry. The stored payload executes.

POC

https://drive.google.com/file/d/1KncWqifwi_VTbTxmCNotwMXeUkNgF9Ji/view?usp=sharing
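The steps above show a description being stored and later rendered as live markup. The following is an added example (not code from answerdev/answer or from the reporter) contrasting the vulnerable rendering pattern with an escape-then-allowlist sanitizer; the function names, the allowlist and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not answerdev/answer code): how a stored XSS like the one in
// this report arises, and one way to neutralise it before rendering.
//
// The vulnerable path interpolates the tag description straight into markup.
// The hardened path escapes everything, then re-enables a small allowlist of
// attribute-free tags. Event-handler attributes such as onerror can never
// survive, because the '<' and '>' of any other tag stay escaped.

// Constructed sample inputs: the payload from the report, plus a benign
// description that uses a harmless formatting tag.
const PAYLOAD = '<img src=x onerror=alert(1) >';
const BENIGN = 'Questions about <b>Go</b> & tooling';

function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: raw interpolation, the pattern the report exploits.
function renderTagDescriptionUnsafe(desc) {
  return `<div class="tag-desc">${desc}</div>`;
}

// Hardened: escape first, then selectively restore allowlisted tags that
// carry no attributes. Anything else, including <img ...>, stays inert text.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'code', 'p'];

function sanitizeDescription(desc) {
  let out = escapeHtml(desc);
  for (const tag of ALLOWED_TAGS) {
    // Only the exact escaped forms &lt;tag&gt; and &lt;/tag&gt; are restored;
    // a tag carrying attributes (e.g. &lt;b onclick=...&gt;) does not match.
    out = out.replace(new RegExp(`&lt;(/?)${tag}&gt;`, 'gi'), '<$1' + tag + '>');
  }
  return out;
}

function renderTagDescriptionSafe(desc) {
  return `<div class="tag-desc">${sanitizeDescription(desc)}</div>`;
}

// Check usable in a unit test or review hook: does the rendered markup contain
// an element with an on* event-handler attribute, or an inline script tag?
function containsActiveContent(html) {
  return /<[^>]*\son[a-z]+\s*=|<script\b/i.test(html);
}

// Stand-alone demonstration.
console.log('unsafe :', renderTagDescriptionUnsafe(PAYLOAD));
console.log('safe   :', renderTagDescriptionSafe(PAYLOAD));
console.log('benign :', renderTagDescriptionSafe(BENIGN));
```

Escape-then-allowlist is only adequate for a handful of attribute-free tags; if the description needs richer markup (links, images), use a real HTML sanitizer such as DOMPurify in the browser or bluemonday on a Go backend, and apply it on the server before storage as well as at render time, so that API clients see the same cleaned content.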

Impact

Attacker-controlled JavaScript executes in the victim's session on every view of the affected tag page. This can lead to account takeover, performing actions as that user, and similar session-level abuse.

We are processing your report and will contact the answerdev/answer team within 24 hours. 2 months ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 2 months ago
joyqi validated this vulnerability 2 months ago
zoro2000 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.7 with commit c3743b 2 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability 2 months ago