Store XSS in title parameter executing at EditUser Page & EditProducto page in neorazorx/facturascripts
Apr 20th 2022
Cross-site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
Proof of Concept
- Login as Normal user.
- Click on Options and select user.
- Set title as <script>alert(document.domain)</script> and save. It will store the XSS payload.
- log in to any account, i.e. admin.
- Click on the top right corner i.e EditUser executing xss.
EditUser- https://drive.google.com/file/d/1zHI5GNU7JFUL5h6e64tnUFg4lXzqECRU/view?usp=sharing EditProducto- https://drive.google.com/file/d/1Z2fcc6DF-4eFpB1DAok3XMrtjUtYWo5M/view?usp=sharing
Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.
Thank you for the reward, is there any CVE number that will also be assigned?
@neorazorx @admin Please check if CVE can be assigned
Sure, we can assign a CVE here, we first require the go-ahead from the maintainer.
@maintainer - are you happy for us to assign and publish a CVE for this report?
@admin @maintainer, as the fix is already released, can you assign a CVE here