Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence
Reported on
Oct 25th 2021
Description
Reflected XSS in form Search.
After the report at https://huntr.dev/bounties/b76d075f-f6b2-40f0-b08e-a56e934d7c60/
I have retested the vulnerability and my payload is able to bypass your filter mechanism.
The input tag of the search form was escaped by my payload:
<input type="text" name="search" length="15" id="caQuickSearchFormText" value="/*-/*`/*\\`/*'/*" **="" (="" *="" onclick="alert('xss')" )="" "="" onfocus="this.value='';">
Steps to Reproduce
Log in to the panel
In the search input, enter the payload: /*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('xss') )//
The XSS will trigger when clicking the search form again
Impact
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.
Thanks for catching this! That error was staring us in the face for a good long while. We've patched it now.