Cross-site Scripting (XSS) - Stored in admidio/admidio

Valid

Reported on

Jan 11th 2022


Description

Stored XSS

Proof of Concept

onmouseover="alert(1)">link</a>

Video: https://drive.google.com/file/d/1WzArNdgXgjVOS6qsePRvGWIz6ljtxApx/view?usp=sharing

Impact

Through this vulnerability, an attacker is able to execute malicious scripts.

We are processing your report and will contact the admidio team within 24 hours. 8 months ago
TroubleMaker
8 months ago

Researcher


Hello! I found this issue. Can you assign a CVE for this issue? Thx!

We have contacted a member of the admidio team and are waiting to hear back 8 months ago
We have sent a follow up to the admidio team. We will try again in 7 days. 8 months ago
Markus Faßbender validated this vulnerability 8 months ago
TroubleMaker has been awarded the disclosure bounty
The fix bounty is now up for grabs
TroubleMaker
8 months ago

Researcher


Can you assign a CVE like https://huntr.dev/bounties/4eb6d581-338c-4ff7-850d-733194d6c3a8/?

Markus
8 months ago

Maintainer


I do not have the right to create a CVE.

Markus Faßbender confirmed that a fix has been merged on 1ff30f 8 months ago
Markus Faßbender has been awarded the fix bounty
Markus
8 months ago

Maintainer


Thanks for the research!

TroubleMaker
8 months ago

Researcher


thx!
