Reflected XSS in collectiveaccess/providence

Valid

Reported on

Apr 29th 2022

Description

Hello , i found an authenticated reflected xss via path fragment this was exploitable through trusting user input in url path fragement , please note : if you wrote a different payload you need to URL Encode the payload twice

Proof of Concept

Enter this url : https://demo.collectiveaccess.org/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253Ealert(%221337%22)%253C%252FsCripT%253E

Picture:

Vuln_Line

Kind Regards,

Rawi (@0xRaw)

Impact

Steal User Cookies or redirect user to malicious sites

References

XSS In Path

We are processing your report and will contact the collectiveaccess/providence team within 24 hours. a year ago

We have contacted a member of the collectiveaccess/providence team and are waiting to hear back a year ago

CollectiveAccess CollectiveAccess

commented a year ago

Maintainer

Not sure how we missing this one :-/ Thank you.

CollectiveAccess validated this vulnerability a year ago

0xRaw has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

CollectiveAccess marked this as fixed in 1.8 with commit 49de45 a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

0xRaw

commented a year ago

Researcher

Hello thanks for the quick fix, Can i have a CVE for this finding ?

Kind Regrads, Rawi.

Jamie Slome

commented a year ago

Admin

Sure, we can arrange a CVE - @maintainer, are you happy to proceed with a CVE for this finding?

0xRaw

commented a year ago

Researcher

hey , @maintainer just dropping by to make sure that if you are ok with arranging a CVE for this finding.

Kind Regards, Rawi.

Jamie Slome

commented a year ago

Admin

Sorted 👍

to join this conversation

We are processing your report and will contact the collectiveaccess/providence team within 24 hours. a year ago

We have contacted a member of the collectiveaccess/providence team and are waiting to hear back a year ago

CollectiveAccess CollectiveAccess

commented a year ago

Maintainer

Not sure how we missing this one :-/ Thank you.

CollectiveAccess validated this vulnerability a year ago

0xRaw has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

CollectiveAccess marked this as fixed in 1.8 with commit 49de45 a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

0xRaw

commented a year ago

Researcher

Hello thanks for the quick fix, Can i have a CVE for this finding ?

Kind Regrads, Rawi.

Jamie Slome

commented a year ago

Admin

Sure, we can arrange a CVE - @maintainer, are you happy to proceed with a CVE for this finding?

0xRaw

commented a year ago

Researcher

hey , @maintainer just dropping by to make sure that if you are ok with arranging a CVE for this finding.

Kind Regards, Rawi.

Jamie Slome

commented a year ago

Admin

Sorted 👍

to join this conversation