Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence

Valid

Reported on

Oct 25th 2021


Description

Reflected XSS in the search form.

After report https://huntr.dev/bounties/b76d075f-f6b2-40f0-b08e-a56e934d7c60/

I have retested the vulnerability and my payload is able to bypass your filter mechanism.

The input tag of the search form was escaped by my payload:

<input type="text" name="search" length="15" id="caQuickSearchFormText" value="/*-/*`/*\\`/*'/*" **="" (="" *="" onclick="alert('xss')" )="" "="" onfocus="this.value='';">

Steps to Reproduce

Log in to the panel.

In the search input, enter the payload: /*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('xss') )//

The XSS will trigger when clicking on the search form again.

Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.
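The attribute-context break-out described above, as an added example that is not part of the original report and not CollectiveAccess code. It reuses the reported payload and the rendered input tag, pairs a hypothetical case-sensitive token blacklist (an assumption, standing in for whatever filter the report says was bypassed) with the vulnerable concatenation, and shows the output encoding that closes the bug regardless of payload casing or comment fragments. The attribute scanner is a small approximation of a forgiving HTML tokenizer, enough to show which attributes a browser would see.

```javascript
// Added example (not CollectiveAccess code): attribute-context reflected XSS
// and the output encoding that fixes it. The blacklist filter is hypothetical.

// Payload from the report.
const PAYLOAD = "/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert('xss') )//";

// Hypothetical token blacklist (assumption, not the project's actual filter):
// case-sensitive and keyed on a few strings, so mixed-case "oNcliCk" passes.
function naiveFilter(input) {
  return input.replace(/<script|onclick|javascript:/g, "");
}

// Vulnerable rendering: the filtered value is concatenated straight into a
// double-quoted attribute, so a '"' in it terminates the attribute early and
// everything after it is parsed as further attributes.
function renderVulnerable(value) {
  return `<input type="text" name="search" id="caQuickSearchFormText" value="${naiveFilter(value)}">`;
}

// Attribute-context encoding: every character that can end or alter an
// attribute becomes an entity (the set PHP's htmlspecialchars(..., ENT_QUOTES)
// covers, plus the backtick for legacy browsers).
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;" };
function encodeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => ENTITIES[ch]);
}

// Hardened rendering: encode at the point of output; no blacklist involved.
function renderSafe(value) {
  return `<input type="text" name="search" id="caQuickSearchFormText" value="${encodeAttr(value)}">`;
}

// Minimal attribute scanner approximating a forgiving HTML tokenizer: stray "/"
// characters are skipped, a name runs until whitespace, "=", "/" or ">", and a
// value is either quoted or a bare run. Returns lower-cased attribute names.
function attributeNames(tag) {
  let rest = tag.replace(/^<\w+/, "").replace(/>$/, "");
  const token = /^[\s/]*([^\s/=>]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]+))?/;
  const names = [];
  let m;
  while ((m = token.exec(rest)) !== null) {
    names.push(m[1].toLowerCase());
    rest = rest.slice(m[0].length);
  }
  return names;
}

// True when the rendered tag carries an inline event handler the browser would run.
function hasInlineHandler(tag) {
  return attributeNames(tag).some((name) => name.startsWith("on"));
}

// Usage: the vulnerable tag grows an "onclick" attribute, the safe one keeps
// only type, name, id and value.
console.log(attributeNames(renderVulnerable(PAYLOAD)));
console.log(attributeNames(renderSafe(PAYLOAD)));
console.log(hasInlineHandler(renderVulnerable(PAYLOAD)), hasInlineHandler(renderSafe(PAYLOAD)));
```

The point the scanner makes is that the filter is irrelevant once output is encoded for the context it lands in: the payload's `"` is what turns the rest of the string into attributes, and `&quot;` cannot do that, no matter how the event-handler name is cased.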

We have contacted a member of the collectiveaccess/providence team and are waiting to hear back (a month ago)

CollectiveAccess (Maintainer), a month ago:


Thanks for catching this! That error was staring us in the face for a good long while. We've patched it now.

CollectiveAccess validated this vulnerability a month ago
lethanhphuc has been awarded the disclosure bounty
The fix bounty is now up for grabs
CollectiveAccess confirmed that a fix has been merged on 6c1f6a a month ago
CollectiveAccess has been awarded the fix bounty