Cross-site Scripting (XSS) - Reflected in admidio/admidio


Reported on

Oct 18th 2021


Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept

// PoC.js

Vuln Link -->


This vulnerability is capable of claiming other users' cookies and performing other advanced scenarios. Account takeover is possible in this case.

We have contacted a member of the admidio team and are waiting to hear back 2 years ago
Markus Faßbender validated this vulnerability 2 years ago
0x9x has been awarded the disclosure bounty
The fix bounty is now up for grabs
2 years ago


Thanks for updates!

Markus Faßbender marked this as fixed with commit 246044 2 years ago
Markus Faßbender has been awarded the fix bounty
This vulnerability will not receive a CVE
2 years ago


This is fixed with version 4.0.11. Thanks for the research.
