Reflected XSS in collectiveaccess/providence

Valid

Reported on

Apr 29th 2022


Description

Hello, I found an authenticated reflected XSS via path fragment. This was exploitable through trusting user input in the URL path fragment. Please note: if you write a different payload, you need to URL-encode the payload twice.

Proof of Concept

Enter this URL: https://demo.collectiveaccess.org/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253Ealert(%221337%22)%253C%252FsCripT%253E

Picture:

Vuln_Line

Kind Regards,

Rawi (@0xRaw)

Impact

Steal user cookies or redirect the user to malicious sites.
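
The double-encoding note in the description, worked through as an added example (not part of the original report, and not CollectiveAccess code or its fix): it decodes the proof-of-concept path pass by pass to show why a check that inspects the value after a single decode sees no angle brackets, then HTML-encodes the value at output time. `render_segment` and the `<p>Error …</p>` template are hypothetical stand-ins for the error page, and `BENIGN_PATH` is a constructed sample.

```python
import html
from urllib.parse import unquote

# Request path taken from the report's proof of concept (host omitted).
POC_PATH = ("/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253E"
            "alert(%221337%22)%253C%252FsCripT%253E")
# Constructed benign request for comparison.
BENIGN_PATH = "/index.php/system/Error/Show/n/3250"


def decode_rounds(value, max_rounds=5):
    """Percent-decode repeatedly; return each form, starting with the raw one."""
    forms = [value]
    for _ in range(max_rounds):
        decoded = unquote(forms[-1])
        if decoded == forms[-1]:
            break
        forms.append(decoded)
    return forms


def first_markup_round(path):
    """Decode passes needed before '<' or '>' show up, or None if they never do."""
    for rounds, form in enumerate(decode_rounds(path)):
        if "<" in form or ">" in form:
            return rounds
    return None


def is_suspicious(path):
    """Flag paths whose markup is hidden behind more than one layer of encoding."""
    rounds = first_markup_round(path)
    return rounds is not None and rounds >= 2


def render_segment(segment):
    """Hypothetical renderer: HTML-encode the decoded segment at output time."""
    return "<p>Error " + html.escape(segment, quote=True) + "</p>"


if __name__ == "__main__":
    for p in (POC_PATH, BENIGN_PATH):
        print(first_markup_round(p), is_suspicious(p))
    # Fully decoded last path segment, rendered as inert text.
    print(render_segment(decode_rounds(POC_PATH.rsplit("/", 1)[-1])[-1]))
```

Encoding at the point of output is what neutralizes the value regardless of how many decode passes happened upstream; the decode-round check is only a log or WAF signal.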


We are processing your report and will contact the collectiveaccess/providence team within 24 hours. a month ago
We have contacted a member of the collectiveaccess/providence team and are waiting to hear back a month ago
CollectiveAccess
a month ago

Maintainer


Not sure how we missed this one :-/ Thank you.

CollectiveAccess validated this vulnerability a month ago
0xRaw has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
CollectiveAccess confirmed that a fix has been merged on 49de45 a month ago
The fix bounty has been dropped
0xRaw
a month ago

Researcher


Hello, thanks for the quick fix. Can I have a CVE for this finding?

Kind Regards, Rawi.

Jamie Slome
a month ago

Admin


Sure, we can arrange a CVE - @maintainer, are you happy to proceed with a CVE for this finding?

0xRaw
6 days ago

Researcher


Hey @maintainer, just dropping by to make sure that you are OK with arranging a CVE for this finding.

Kind Regards, Rawi.

Jamie Slome
5 days ago

Admin


Sorted 👍
