Cross-site Scripting (XSS) - Stored via htm file upload in francoisjacquet/rosariosis


Reported on

Apr 27th 2022


rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an htm file with the javascript code inside.



<!DOCTYPE html>
    <meta charset="utf-8"/>
    <meta name="viewport" content="width=device-width, initial-scale=1"/>
    <title>Test Upload File</title>
    <h1>Test upload</h1>

Step to reproduce

From attacker side (student)

1.Login to the demo environment by student account (student/student)
2.In the left menu, go to GRADES -> Assignments
3.Click on Add and subtract assignment
4.Click Choose file and upload the phish htm file above

From victim side (teacher)

1.Login to the demo environment by teacher account (teacher/teacher)
2.In the left menu, go to GRADES -> Grades
3.Click on Student S Student student
4.Click View online in the Submission column
5.Click on Download link and you will see the XSS is triggered


This vulnerability has the potential to phish user to another page and trick user to steal cookies and gain unauthorized access to that user's account through the stolen cookies.

We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. 2 years ago
A GitHub Issue asking the maintainers to create a exists 2 years ago
KhanhCM modified the report
2 years ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back 2 years ago
François Jacquet validated this vulnerability 2 years ago
khanhchauminh has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet marked this as fixed in 8.9.5 with commit 90842c 2 years ago
François Jacquet has been awarded the fix bounty
to join this conversation