Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

Valid

Reported on

Aug 29th 2021


✍️ Description

Online document system developed based on Python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes, like GitBook. This package is vulnerable to XSS.

🕵️‍♂️ Proof of Concept

💥 Impact

This vulnerability is capable of XSS

zmister2016
2 years ago

Maintainer


How to reproduce the vulnerability?

Abdul muhaimin
2 years ago

Researcher


Hey, @zmister

Hope the video is working well; else, as a write on the dashboard, creating a quick craft with payload "><img src/onerror=alert(1)> will reproduce the issue, or if you want me to give the payloads for the svg one, let me know then.

Thanks, Muhaimin

zmister2016
2 years ago

Maintainer


OK! Thank you for your reply!

zmister2016 validated this vulnerability 2 years ago
b1nslashsh has been awarded the disclosure bounty
The fix bounty is now up for grabs
zmister2016 marked this as fixed with commit 123c7e 2 years ago
zmister2016 has been awarded the fix bounty
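
A regression check for the payload quoted in the thread, added here as an example; it is not code from mrdoc or from the fix commit. The report does not show where the stored value is rendered, so the `<input value="...">` template and all function names are assumptions for illustration.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the report thread above.
PAYLOAD = '"><img src/onerror=alert(1)>'


def render_unsafe(title: str) -> str:
    # Hypothetical template: stored value interpolated into an attribute as-is.
    return f'<input name="title" value="{title}">'


def render_escaped(title: str) -> str:
    # Same hypothetical template with output encoding; quote=True also
    # encodes " and ', which is what keeps the value inside the attribute.
    return f'<input name="title" value="{html.escape(title, quote=True)}">'


class TagCollector(HTMLParser):
    """Records every start tag and its attributes as the parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(markup: str):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def injected_handlers(markup: str):
    """Return (tag, attribute) pairs for every on* event-handler attribute."""
    return [(tag, name)
            for tag, attrs in parsed_tags(markup)
            for name in attrs
            if name.startswith("on")]


if __name__ == "__main__":
    for render in (render_unsafe, render_escaped):
        out = render(PAYLOAD)
        print(render.__name__, parsed_tags(out), injected_handlers(out))
```

Parsing the rendered output, rather than string-matching it, checks the property that matters: the stored value must come back as a single attribute value and must not produce any new element or event handler.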