Stored XSS in neorazorx/facturascripts
May 18th 2022
A stored XSS in the ListAgenciaTransporte module of facturascripts is triggered when the injected website link is opened with the middle (scroll-wheel) mouse button.
Proof of Concept
1. Create a new non-admin account
2. Login and go to
3. Add a new user with the website link set to
4. Save the user and navigate to http://localhost/invoices/, then click the website link of the newly created user with the scrolling middle mouse button.
I see that there is a fix for this XSS vulnerability when clicking the left mouse button here (https://huntr.dev/bounties/31aba7c9-edcf-44bf-9fd8-ca15d1fa53c8/), but in this report I can trick it by clicking the middle mouse button.
This vulnerability could be used to phish a user by sending them to another page, to steal their cookies, and to gain unauthorized access to that user's account with the stolen cookies.
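As an added defensive illustration (not code from this report or from facturascripts), the check below validates a user-supplied website value server-side at save time, accepting only http(s) URLs and HTML-encoding the result when it is rendered, so the outcome does not depend on which mouse button later activates the link. The function names are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, urlunsplit

ALLOWED_SCHEMES = {"http", "https"}

# Browsers (WHATWG URL parsing) strip leading/trailing C0 controls and spaces
# and delete every tab/newline before parsing, so "java\tscript:" reaches the
# browser as "javascript:". Apply the same normalisation before validating.
_C0_OR_SPACE = "".join(chr(c) for c in range(0x21))
_TAB_OR_NEWLINE = re.compile(r"[\t\n\r]")


def normalize_website(raw):
    """Return an absolute http(s) URL for a user-supplied 'website' value,
    or None if it must be rejected. Runs server-side at save time, so the
    outcome does not depend on how the stored link is later activated."""
    if not raw:
        return None
    candidate = _TAB_OR_NEWLINE.sub("", raw.strip(_C0_OR_SPACE))
    if not candidate:
        return None
    parts = urlsplit(candidate)
    if not parts.scheme:
        # Bare host such as "example.com": assume https. A scheme-relative
        # "//host" becomes "https:////host" and is rejected below (no netloc).
        parts = urlsplit("https://" + candidate)
    # urlsplit lower-cases the scheme, so "JaVaScRiPt:" is caught here too.
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return urlunsplit(parts)


def render_website_link(raw):
    """Second layer: HTML-encode the validated URL inside the href attribute.
    Returns '' when the value was rejected so that no link is emitted at all."""
    url = normalize_website(raw)
    if url is None:
        return ""
    return '<a href="{}" rel="noopener noreferrer">{}</a>'.format(
        html.escape(url, quote=True), html.escape(url))
```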