Stored Cross Site Scripting in the username in wallabag/wallabag

Valid

Reported on

Feb 2nd 2023

Description

Stored XSS occurs when an attacker injects malicious code into a website, which is then stored on the server. In this case, the malicious code is being stored as the user's username.

When someone accesses the shared page, the website retrieves the user's username from the server and displays it as part of the message "shared by". At this point, the XSS payload is executed.

Proof of Concept

Proof of Concept Video

Impact

Allows the attacker to execute malicious code on the victim's browser. This can potentially lead to a wide range of security problems, such as stealing sensitive information, hijacking user sessions, and more.

We are processing your report and will contact the wallabag team within 24 hours. 2 months ago
We have contacted a member of the wallabag team and are waiting to hear back 2 months ago
wallabag/wallabag maintainer has acknowledged this report 2 months ago
Jérémy Benoist validated this vulnerability a month ago
Gabriel Vernilo has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Jérémy Benoist marked this as fixed in 2.5.4 with commit 4e023b a month ago
Jérémy Benoist has been awarded the fix bounty
This vulnerability has been assigned a CVE
Jérémy Benoist published this vulnerability a month ago
wallabag/wallabag maintainer gave praise a month ago
Thank you @gabriel-vernilo !
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Gabriel Vernilo
a month ago

Researcher

Thanks 😁❤

to join this conversation