Cross-site Scripting (XSS) - Stored in yetiforcecompany/yetiforcecrm
Dec 13th 2021
I found a file upload XSS, a stored Cross-Site Scripting (XSS) vulnerability due to the lack of content validation and output encoding.
Proof of Concept
1. Log in and navigate to https://gitstable.yetiforce.com/index.php?module=Users&view=PreferenceEdit&record=5
2. Layout > photo > Add file.
3. Upload the XSS file upload payload.
File upload XSS payload: https://drive.google.com/file/d/1TrU3Fa8SlQEBModzvRcYD0MiV2pL9672/view?usp=sharing
XSS PoC: https://drive.google.com/file/d/1jDh-n8vXRpMuSzXWvlRz_eqcWbMYqWnM/view?usp=sharing
Stored XSS generally occurs when user input is stored on the target server (in a database, a message forum, a visitor log, a comment field, etc.) and a victim later retrieves that stored data from the web application without it having been made safe to render in the browser.
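The report attributes the issue to two missing controls: content validation of the uploaded "photo" and output encoding of what is later rendered. The following added example (generic Python, not YetiForce code and not the reporter's payload) shows both controls as a defender would implement them for a profile-photo upload: an extension allowlist cross-checked against the file's magic bytes so that HTML, SVG or script text renamed to `.png` is refused, response headers that stop a browser from interpreting a stored upload as a document, and HTML-escaping of any user-supplied string before it is placed in a page. Function names, the allowlist and the sample inputs are constructed for this example.

```python
import html
import os

# Constructed allowlist of raster formats a profile-photo endpoint needs.
# Each extension maps to the magic bytes a genuine file of that type starts with.
IMAGE_SIGNATURES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
}
CONTENT_TYPES = {".png": "image/png", ".jpg": "image/jpeg",
                 ".jpeg": "image/jpeg", ".gif": "image/gif"}


def validate_image_upload(filename, data):
    """Content validation: returns (accepted, reason, content_type).

    A file is accepted only if its extension is allowlisted AND its leading
    bytes match that format. SVG is deliberately absent from the allowlist
    because it is an XML document that may carry script; HTML or script text
    renamed to .png fails the magic-byte check.
    """
    ext = os.path.splitext(filename)[1].lower()
    if ext not in IMAGE_SIGNATURES:
        return False, "extension not allowed", None
    if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return False, "content does not match declared image type", None
    return True, "ok", CONTENT_TYPES[ext]


def response_headers_for_upload(stored_name, content_type):
    """Headers for serving a stored upload so the browser treats it strictly
    as the declared image type and never sniffs it into an HTML document."""
    return {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": 'attachment; filename="%s"' % stored_name,
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def render_photo_caption(user_supplied_name):
    """Output encoding: any user-controlled string placed into HTML is escaped
    so that angle brackets, quotes and ampersands lose their markup meaning."""
    return "<figcaption>%s</figcaption>" % html.escape(user_supplied_name, quote=True)


# Constructed sample uploads: two genuine image headers and three files that
# only claim to be images (HTML renamed to .png, an SVG, and a PHP script).
SAMPLE_UPLOADS = {
    "avatar.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "avatar.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "renamed.png": b"<html><script>alert(1)</script></html>",
    "logo.svg": b"<svg xmlns='http://www.w3.org/2000/svg'><script>alert(1)</script></svg>",
    "shell.php": b"<?php echo 1; ?>",
}


def check_all_samples():
    """Runs the validator over the constructed samples; maps name -> accepted."""
    return {name: validate_image_upload(name, data)[0]
            for name, data in SAMPLE_UPLOADS.items()}


if __name__ == "__main__":
    for name, accepted in check_all_samples().items():
        print("%-12s %s" % (name, "accepted" if accepted else "rejected"))
    print(render_photo_caption('<img src=x onerror=alert(1)>'))
```

The magic-byte check is a first gate, not a complete parser; a production endpoint would additionally decode and re-encode the image with an imaging library so that any trailing non-image bytes are discarded, and would store the file under a server-generated name rather than the user's filename.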