Stored XSS in Task field in kromitgmbh/titra

Valid

Reported on

Jun 4th 2022


Description

The application Titra is vulnerable to Stored XSS in Task field.

Steps To Reproduce

  1. Click on add Track button
  2. In the Task field enter the payload "><img src=# onerror=alert(document.domain)>
  3. click save
  4. Now Click on Details
  5. XSS will be triggered

Image PoC

https://drive.google.com/file/d/1twcYvvdV-hCE4hI0HwtnE9ZvqpYC77gS/view?usp=sharing https://drive.google.com/file/d/1CNtiY-VeLjPtYQOx3clUKSxgSAMM2mQM/view?usp=sharing

Impact

This allows the attacker to execute malicious scripts in all the project members browser and it can lead to session hijacking, sensitive data exposure, and worse.

We are processing your report and will contact the kromitgmbh/titra team within 24 hours. 22 days ago
saharshtapi
22 days ago

Researcher


@admin please change the vulnerability type from DOM XSS to Stored XSS

saharshtapi modified the report
21 days ago
We have contacted a member of the kromitgmbh/titra team and are waiting to hear back 20 days ago
Jamie Slome
20 days ago

Admin


@saharshtapi - you should be able to change the vulnerability type to Stored XSS using the Edit button at the top right-hand side of the page.

If you are unable to, this is because you already have a Stored XSS report pending against this repository, and so should add the other occurrences of the same vulnerability type to that report using the permalinks.

kromitgmbh/titra maintainer validated this vulnerability 18 days ago
saharshtapi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
kromitgmbh/titra maintainer confirmed that a fix has been merged on e606b6 18 days ago
The fix bounty has been dropped
kromitgmbh/titra maintainer
18 days ago

Maintainer


thanks for reporting this!

saharshtapi
18 days ago

Researcher


@admin Can you assign CVE?

Jamie Slome
18 days ago

Admin


Sorted 👍

to join this conversation