Cross-site Scripting (XSS) - Stored in admidio/admidio

Valid

Reported on

Jan 11th 2022


Description

Stored XSS

Proof of Concept

onmouseover="alert(1)">link</a>

Video : https://drive.google.com/file/d/1WzArNdgXgjVOS6qsePRvGWIz6ljtxApx/view?usp=sharing

Impact

Through this vulnerability, an attacker is capable of executing malicious scripts.

We are processing your report and will contact the admidio team within 24 hours. 2 years ago
TroubleMaker
2 years ago

Researcher


Hello! I found this issue. Can you assign a CVE for this issue? thx!

We have contacted a member of the admidio team and are waiting to hear back 2 years ago
We have sent a follow up to the admidio team. We will try again in 7 days. 2 years ago
Markus Faßbender validated this vulnerability 2 years ago
TroubleMaker has been awarded the disclosure bounty
The fix bounty is now up for grabs
TroubleMaker
2 years ago

Researcher


Can you assign a CVE like https://huntr.dev/bounties/4eb6d581-338c-4ff7-850d-733194d6c3a8/?

Markus
2 years ago

Maintainer


I do not have the right to create a CVE.

Markus Faßbender marked this as fixed in 4.1.3 with commit 1ff30f 2 years ago
Markus Faßbender has been awarded the fix bounty
This vulnerability will not receive a CVE
Markus
2 years ago

Maintainer


Thanks for the research!

TroubleMaker
2 years ago

Researcher


thx!
