Store XSS in Question Tag in answerdev/answer


Reported on

Mar 5th 2023


Attackers can use this vulnerability to attack users/admins in the community, take over user/admins accounts, etc...

Proof of Concept

1、Register and log in as a user, add new questions and add tags

2、Insert the following payload in the tag description

<img src=x onerror=alert(localStorage.getItem('_a_lui_'))>


3、Post a question

4、When other users/admins view this tag

5、Trigger xss



Execute malicious js in the community, steal user tokens, etc...

We are processing your report and will contact the answerdev/answer team within 24 hours. 18 days ago
answerdev/answer maintainer modified the report
18 days ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 17 days ago
joyqi validated this vulnerability 16 days ago
jeeseensec has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.6 with commit 90bfa0 16 days ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability 16 days ago
to join this conversation