Complex XSS to bypass protection in answerdev/answer

Valid

Reported on

Feb 8th 2023


Description

1. First, we log in as a normal user and then comment under a question. The content of the comment is:

<img src=x onerror=alert(document.domain)>

2. Then we log in as an administrator user and find the comment we just submitted. The administrator can click the edit button. Then the administrator clicks "Save edits" without any modification.

3. Finally, the comment will trigger XSS.

Video link

https://drive.google.com/file/d/1mgqcm79b6ImBGISbp065utqZBZqrFk7n/view?usp=share_link

Impact

Cause XSS
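The steps above, replayed against a simplified model as an added example; this is not answerdev/answer code, and the report does not state the root cause. The model assumes the edit path stores what the editor submits without re-applying the encoding used at creation, and every function name is hypothetical.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// Payload quoted from the report; everything else here is a constructed model.
const payload = `<img src=x onerror=alert(document.domain)>`

// createComment models the protected path: markup is neutralised
// before the comment is stored for display.
func createComment(raw string) string { return html.EscapeString(raw) }

// editorValue models prefilling the edit box: stored entities are
// decoded so the editor shows the text the author originally typed.
func editorValue(stored string) string { return html.UnescapeString(stored) }

// saveEditWeak (assumed flaw): the edit path stores the submitted text
// as-is, so the decoded markup becomes live HTML on the next render.
func saveEditWeak(submitted string) string { return submitted }

// saveEditHardened applies the same encoding as createComment, so every
// write path ends in one filter.
func saveEditHardened(submitted string) string { return createComment(submitted) }

// roundTrip replays the report's steps: post, open in editor, save unchanged.
func roundTrip(save func(string) string) string {
	stored := createComment(payload)
	return save(editorValue(stored))
}

// hasLiveTag reports whether the stored HTML still contains a raw tag opener.
func hasLiveTag(stored string) bool { return strings.Contains(stored, "<") }

func main() {
	for name, save := range map[string]func(string) string{
		"weak": saveEditWeak, "hardened": saveEditHardened,
	} {
		out := roundTrip(save)
		fmt.Printf("%-8s live tag: %-5v stored: %s\n", name, hasLiveTag(out), out)
	}
}
```

A regression test for this class of bug should exercise the save-without-changes path, since a test that only posts a new comment passes against both variants.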

We are processing your report and will contact the answerdev/answer team within 24 hours. (a month ago)
We have contacted a member of the answerdev/answer team and are waiting to hear back. (a month ago)
joyqi validated this vulnerability (16 days ago)
Christy__ has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.6 with commit 056689 (16 days ago)
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability (16 days ago)