Stored XSS in Name in kromitgmbh/titra
Valid
Reported on Jun 3rd 2022
Description
The application Titra is vulnerable to stored XSS in the user's name field.
Proof of Concept
Go to profile and under the name put the payload "><img src=# onerror=alert(document.domain)>
Video POC:
https://drive.google.com/file/d/1MHPloy-i2hsxaLuuVn46oUZVpFm6Nywf/view?usp=sharing
Impact
This allows the attacker to execute malicious scripts in all the project members' browsers, and it can lead to session hijacking, sensitive data exposure, and worse.
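The following is an added example, not part of the original report and not Titra's code. It shows why the reported payload escapes a double-quoted attribute when a stored name is concatenated into markup, and how output encoding keeps it inert. The function names and the `<input>` markup are hypothetical, and the attribute sink is an assumption suggested by the payload's leading `">`.

```javascript
// Added illustration; helper names and markup are hypothetical, not Titra's code.
const PAYLOAD = '"><img src=# onerror=alert(document.domain)>'; // payload from the report

// Vulnerable pattern: the stored name is concatenated into a quoted attribute.
function renderNameUnsafe(name) {
  return '<input class="member" value="' + name + '">';
}

// Encode the characters that can end an attribute value or open a tag.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hardened pattern: same markup, but the name is encoded on output.
function renderNameSafe(name) {
  return '<input class="member" value="' + escapeHtml(name) + '">';
}

// Simplified tag scanner (not a full HTML parser): lists each element the
// markup opens and any on* event-handler attributes outside quoted values.
function scanTags(html) {
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const found = [];
  for (const m of html.matchAll(tagRe)) {
    const unquoted = m[2].replace(/"[^"]*"|'[^']*'/g, '""');
    const handlers = [...unquoted.matchAll(/\s(on[a-z]+)\s*=/gi)]
      .map((h) => h[1].toLowerCase());
    found.push({ tag: m[1].toLowerCase(), handlers });
  }
  return found;
}

// Unsafe rendering opens a second element carrying an event handler;
// safe rendering keeps the whole payload inside the value attribute.
console.log(JSON.stringify(scanTags(renderNameUnsafe(PAYLOAD))));
console.log(JSON.stringify(scanTags(renderNameSafe(PAYLOAD))));
```

Encoding on output, at the point where the name is written into HTML, covers names that were stored before any input validation was added.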
We are processing your report and will contact the kromitgmbh/titra team within 24 hours.
a year ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md
a year ago
saharshtapi modified the report
a year ago
We have contacted a member of the kromitgmbh/titra team and are waiting to hear back
a year ago
The researcher's credibility has increased: +7
The fix bounty has been dropped
This vulnerability will not receive a CVE
thanks for reporting this!
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1