Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc


Reported on

Aug 29th 2021

✍️ Description

online document system developed based on python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. like gitbook this package is vulnerable for XSS

🕵️‍♂️ Proof of Concept

💥 Impact

This vulnerability is capable of XSS

a year ago


How to reproduce the vulnerability ?

Abdul muhaimin
a year ago


Hey , @zmister

Hope the video is working well , else as a write on dashboard creating a quick craft with payload "><img src/onerror=alert(1)> will reproduce the issue or if you want me to give the payloads for svg one letme know then

Thanks , Muhaimin

a year ago


OK!Thank you for your reply!

zmister2016 validated this vulnerability a year ago
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
zmister2016 confirmed that a fix has been merged on 123c7e a year ago
zmister2016 has been awarded the fix bounty
to join this conversation