Oct 18th 2021


Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.

Proof of Concept

This vulnerability is capable of claiming other users' cookies and performing other advanced scenarios. Account takeover is possible in this case.

We have contacted a member of the admidio team and are waiting to hear back (a year ago)
Markus Faßbender validated this vulnerability (a year ago)
0x9x has been awarded the disclosure bounty
The fix bounty is now up for grabs
a year ago


Thanks for updates!

Markus Faßbender confirmed that a fix has been merged on 246044 (a year ago)
Markus Faßbender has been awarded the fix bounty
a year ago


This is fixed with version 4.0.11. Thanks for the research.

