Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

Valid

Reported on

Aug 29th 2021


✍️ Description

Online document system developed based on Python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes, like GitBook. This package is vulnerable to XSS.

🕵️‍♂️ Proof of Concept

💥 Impact

This vulnerability is capable of XSS

zmister2016
3 months ago

Maintainer


How to reproduce the vulnerability?

Abdul muhaimin
3 months ago

Researcher


Hey, @zmister

Hope the video is working well, else as a write on dashboard creating a quick craft with payload "><img src/onerror=alert(1)> will reproduce the issue, or if you want me to give the payloads for the svg one, let me know then.

Thanks, Muhaimin

zmister2016
3 months ago

Maintainer


OK! Thank you for your reply!

zmister2016 validated this vulnerability 3 months ago
Abdul muhaimin has been awarded the disclosure bounty
The fix bounty is now up for grabs
zmister2016 confirmed that a fix has been merged on 123c7e 3 months ago
zmister2016 has been awarded the fix bounty