/

Store XSS in title parameter executing at EditUser Page & EditProducto page in neorazorx/facturascripts

Valid

Reported on

Apr 20th 2022

Description

Cross-site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.

Proof of Concept

Login as Normal user.
Click on Options and select user.
Set title as <script>alert(document.domain)</script> and save. It will store the XSS payload.
log in to any account, i.e. admin.
Click on the top right corner i.e EditUser executing xss.

Video PoC

EditUser- https://drive.google.com/file/d/1zHI5GNU7JFUL5h6e64tnUFg4lXzqECRU/view?usp=sharing EditProducto- https://drive.google.com/file/d/1Z2fcc6DF-4eFpB1DAok3XMrtjUtYWo5M/view?usp=sharing

Impact

Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.

References

https://owasp.org/www-community/attacks/xss/

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours. a year ago

Tarun Garg modified the report

a year ago

We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back a year ago

Carlos Garcia validated this vulnerability a year ago

Tarun Garg has been awarded the disclosure bounty

The fix bounty is now up for grabs

Carlos Garcia marked this as fixed in 2022.04 with commit b3e752 a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

commented a year ago

Researcher

Thank you for the reward, is there any CVE number that will also be assigned?

commented a year ago

Researcher

@neorazorx @admin Please check if CVE can be assigned

commented a year ago

Admin

Sure, we can assign a CVE here, we first require the go-ahead from the maintainer.

@maintainer - are you happy for us to assign and publish a CVE for this report?

commented a year ago

Researcher

@maintainer

commented a year ago

Researcher

@admin

commented a year ago

Researcher

@admin @maintainer, as the fix is already released, can you assign a CVE here

commented a year ago

Admin

Sorted 👍

commented a year ago

Researcher

Thank you

to join this conversation

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours. a year ago

Tarun Garg modified the report

a year ago

We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back a year ago

Carlos Garcia validated this vulnerability a year ago

Tarun Garg has been awarded the disclosure bounty

The fix bounty is now up for grabs

Carlos Garcia marked this as fixed in 2022.04 with commit b3e752 a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

commented a year ago

Researcher

Thank you for the reward, is there any CVE number that will also be assigned?

commented a year ago

Researcher

@neorazorx @admin Please check if CVE can be assigned

commented a year ago

Admin

Sure, we can assign a CVE here, we first require the go-ahead from the maintainer.

@maintainer - are you happy for us to assign and publish a CVE for this report?

commented a year ago

Researcher

@maintainer

commented a year ago

Researcher

@admin

commented a year ago

Researcher

@admin @maintainer, as the fix is already released, can you assign a CVE here

commented a year ago

Admin

Sorted 👍

commented a year ago

Researcher

Thank you

to join this conversation