Stored XSS in Question Tag in answerdev/answer

Valid

Reported on Mar 5th 2023


Description

Attackers can use this vulnerability to attack users and admins in the community, take over user or admin accounts, etc.

Proof of Concept

1. Register and log in as a user, add a new question and add tags

2. Insert the following payload in the tag description

<img src=x onerror=alert(localStorage.getItem('_a_lui_'))>

3. Post a question

4. When other users/admins view this tag

5. Trigger XSS

https://www.dropbox.com/s/i9zrivadppckyo8/4.png?dl=0

Impact

Execute malicious JS in the community, steal user tokens, etc.
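
The following Go sketch is an added example, not code from answerdev/answer and not the fix in commit 90bfa0. It renders the reported tag description through a hypothetical tag page template twice, once marked as trusted HTML and once as a plain string that html/template escapes on output, and assumes the description is meant to be shown as plain text.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Sample input: the tag description from step 2 of the report.
const reportedDescription = `<img src=x onerror=alert(localStorage.getItem('_a_lui_'))>`

// tagPage is a hypothetical tag detail template (an assumption, not Answer's own).
var tagPage = template.Must(template.New("tag").Parse(
	`<h1>{{.Name}}</h1><div class="tag-desc">{{.Desc}}</div>`))

type tagView struct {
	Name string
	Desc interface{}
}

func render(v tagView) string {
	var b bytes.Buffer
	if err := tagPage.Execute(&b, v); err != nil {
		return ""
	}
	return b.String()
}

// renderUnsafe marks the stored description as trusted HTML, so markup
// supplied by any registered user reaches the viewer's browser unchanged.
func renderUnsafe(name, desc string) string {
	return render(tagView{Name: name, Desc: template.HTML(desc)})
}

// renderEscaped passes the description as a plain string; html/template
// escapes it for the HTML text context when the page is written.
func renderEscaped(name, desc string) string {
	return render(tagView{Name: name, Desc: desc})
}

// hasActiveImg reports whether the rendered page contains a real <img element.
func hasActiveImg(page string) bool {
	return strings.Contains(strings.ToLower(page), "<img")
}

func main() {
	fmt.Println("unsafe :", renderUnsafe("go", reportedDescription))
	fmt.Println("escaped:", renderEscaped("go", reportedDescription))
}
```

The `hasActiveImg` check is the kind of assertion that fits a regression test for the tag view, so a later change that reintroduces raw rendering fails the build.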

We are processing your report and will contact the answerdev/answer team within 24 hours. 2 months ago
jeeseensec modified the report 2 months ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 2 months ago
joyqi validated this vulnerability 2 months ago
jeeseensec has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.6 with commit 90bfa0 2 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability 2 months ago