Stored XSS in Project Name in kromitgmbh/titra
Jun 4th 2022
Titra is vulnerable to Stored XSS in Project name field.
Steps To Reproduce
- Click on Edit button
- Under the Project Name enter the paylaod
"><img src=# onerror=alert(document.domain)>
- Click on save.
- Now navigate to details the XSS will be triggered.
This allows the attacker to execute malicious scripts in all the project members browser and it can lead to session hijacking, sensitive data exposure, and worse.
@admin please change the vulnerability type from Generic XSS to Stored XSS
@saharshtapi - you should be able to change the vulnerability type to Stored XSS using the
Edit button at the top right-hand side of the page.
If you are unable to, this is because you already have a Stored XSS report pending against this repository, and so should add the other occurrences of the same vulnerability type to that report using the permalinks.
@admin Can you assign CVE?