Stored XSS vulnerability in limesurvey/limesurvey
Reported on
Jun 8th 2023
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Proof of Concept 1
Step 1: A user with permission to create surveys creates a survey and inserts the payload into the survey title.
payload:
testxss'"><img src/onerror=alert(document.domain)>
Step 2: Create a group and survey questions to meet the requirements for publishing the survey.
Step 3: The victim accesses the survey URL, which triggers the payload.
Proof of Concept 2
Step 1: Log in and open the Profile function, then inject the payload into the 'Full Name' field and save the changes.
Payload:
testxss' accesskey="X" onclick="alert(1)" x='
Step 2: The administrator opens the user management screen and presses the Alt+Shift+X key combination, which triggers the payload.
Impact
An attacker can steal cookies or manipulate the victim into sending requests that perform unintended actions,...
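Mitigation example
The following is an added example, not code from LimeSurvey or from the report. It shows context-aware output encoding applied to the two stored values above, and why the quote flags matter for the 'Full Name' payload. The helper names and the markup are hypothetical, and it assumes the title is rendered as element text and the name inside a single-quoted attribute.

```php
<?php
// Added illustration, not LimeSurvey code: helper names and markup are hypothetical.

// Stored values, copied from the two proofs of concept.
$surveyTitle = 'testxss\'"><img src/onerror=alert(document.domain)>';
$fullName    = 'testxss\' accesskey="X" onclick="alert(1)" x=\'';

// Encode for HTML text and quoted attribute values. ENT_QUOTES covers both
// ' and "; ENT_SUBSTITUTE avoids an empty result on invalid UTF-8.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Element-text context (survey title), encoded at the point of output.
function render_title(string $title): string
{
    return '<h1>' . e($title) . '</h1>';
}

// Attribute context (Full Name): quote the attribute and encode both quote types.
function render_name_field(string $name): string
{
    return "<input name='full_name' value='" . e($name) . "'>";
}

// Weak variant: ENT_COMPAT (the default before PHP 8.1) leaves ' as-is, so the
// stored value still terminates a single-quoted attribute.
function render_name_field_weak(string $name): string
{
    return "<input name='full_name' value='"
        . htmlspecialchars($name, ENT_COMPAT, 'UTF-8') . "'>";
}

// Regression check helper: prints PASS or FAIL for each condition.
function check(string $label, bool $ok): void
{
    echo ($ok ? 'PASS ' : 'FAIL ') . $label . PHP_EOL;
}

$title = render_title($surveyTitle);
$field = render_name_field($fullName);
$weak  = render_name_field_weak($fullName);

check('title has no <img element', strpos($title, '<img') === false);
check('field has only the four template quotes', substr_count($field, "'") === 4);
check('ENT_COMPAT output still breaks the attribute', substr_count($weak, "'") > 4);
echo $title . PHP_EOL . $field . PHP_EOL . $weak . PHP_EOL;
```

Encoding belongs at every point where the stored value is written into a page, since the same title or name can appear in several views with different contexts.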