Stored XSS in application name. in autolab/autolab
May 11th 2022
Hi there, there is a stored XSS in Oauth application name.
Proof of Concept
- Install a local instance of Autolab.
- Go to
/oauth/applicationsand create a new application with name
<img src=a onerror=alert(document.cookie)>.
- Click on
Authorizeand see that a pop up appears with user's cookies.
Link to POC
Stored XSS, cookies steal.
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Joey Wildman validated this vulnerability a year ago
We have verified this issue and are working on a fix.
justinp09010 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
to join this conversation