Stored XSS in Question Tag in answerdev/answer

Valid

Reported on

Mar 5th 2023


Description

Attackers can use this vulnerability to attack users and admins in the community, take over user or admin accounts, etc.

Proof of Concept

1. Register and log in as a user, add a new question and add tags

2. Insert the following payload in the tag description

<img src=x onerror=alert(localStorage.getItem('_a_lui_'))>

3. Post the question

4. Other users/admins view this tag

5. The XSS is triggered

https://www.dropbox.com/s/i9zrivadppckyo8/4.png?dl=0


Impact

Execute malicious JavaScript in the community, steal user tokens, etc.
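
An added example, not part of the original report or of the answerdev/answer code base, contrasting the rendering pattern that lets a stored tag description run as markup with contextual escaping through Go's html/template. The Tag type, the template and the function names are hypothetical, and it assumes the description is displayed as plain text.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Constructed sample input: the tag description string from step 2 of the report.
const reportedDescription = `<img src=x onerror=alert(localStorage.getItem('_a_lui_'))>`

// Tag is a hypothetical stand-in for a stored tag record.
type Tag struct {
	Name        string
	Description string
}

// tagPage is a hypothetical tag detail template, not Answer's own.
var tagPage = template.Must(template.New("tag").Parse(
	`<h1>{{.Name}}</h1><div class="tag-desc">{{.Description}}</div>`))

// renderUnsafe shows the flawed pattern: stored text concatenated into markup as-is.
func renderUnsafe(t Tag) string {
	return "<h1>" + t.Name + `</h1><div class="tag-desc">` + t.Description + "</div>"
}

// renderSafe lets html/template escape the stored fields for the HTML text context.
func renderSafe(t Tag) (string, error) {
	var buf bytes.Buffer
	if err := tagPage.Execute(&buf, t); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// injectsElement reports whether the page contains an <img element. The template
// itself has none, so any match comes from stored user data.
func injectsElement(page string) bool {
	return strings.Contains(strings.ToLower(page), "<img")
}

func main() {
	tag := Tag{Name: "example-tag", Description: reportedDescription}
	fmt.Println("unsafe:", renderUnsafe(tag))
	safe, err := renderSafe(tag)
	fmt.Println("safe:  ", safe, err)
}
```

If the description must carry rich text, escaping alone is not enough and the rendered HTML needs an allowlist sanitizer instead.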

We are processing your report and will contact the answerdev/answer team within 24 hours. 18 days ago
answerdev/answer maintainer modified the report 18 days ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 17 days ago
joyqi validated this vulnerability 16 days ago
jeeseensec has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.6 with commit 90bfa0 16 days ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability 16 days ago