Stored XSS on Import Targets in yogeshojha/rengine
Valid
Reported on Apr 27th 2022
Description
Hello, when an XSS payload is used as the Add or Import Targets file name, it is executed, hence stored XSS is possible.
Proof of Concept
Name a file <img src=x onerror=alert(document.domain)>.txt
Import the file at /target/add/target
You can see it being executed.
Impact
This vulnerability is capable of executing JavaScript code through the file name.
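An added example, not part of the original report and not reNgine's own code: it contrasts the pattern that makes a file-name payload like the one above execute (the name concatenated into markup) with output encoding and an upload-name allowlist. The function names, the `<li>` markup and the `.txt`-only allowlist are assumptions made for illustration.

```python
import html
import posixpath
import re

# Constructed sample: the file name used in the report's proof of concept.
POC_NAME = "<img src=x onerror=alert(document.domain)>.txt"

# Assumption: imported target lists are plain .txt files with simple names.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._ -]{0,99}\.txt")


def render_unsafe(filename: str) -> str:
    """Vulnerable pattern: client-supplied name concatenated into markup."""
    return "<li class='imported'>" + filename + "</li>"


def render_safe(filename: str) -> str:
    """Output encoding: the name is emitted as text, never as markup."""
    return "<li class='imported'>" + html.escape(filename, quote=True) + "</li>"


def validate_upload_name(filename: str) -> str:
    """Reject names outside the allowlist before they are stored."""
    # Drop any directory part a client may send (both separator styles).
    base = posixpath.basename(filename.replace("\\", "/"))
    if not SAFE_NAME.fullmatch(base):
        raise ValueError("rejected upload file name")
    return base


def demo() -> dict:
    """Run the proof-of-concept name through each path and collect results."""
    try:
        validate_upload_name(POC_NAME)
        accepted = True
    except ValueError:
        accepted = False
    return {
        "unsafe": render_unsafe(POC_NAME),
        "safe": render_safe(POC_NAME),
        "poc_accepted": accepted,
        "benign": validate_upload_name("targets.txt"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Encoding at output is the control that closes the stored XSS; the allowlist only reduces what reaches storage and does not replace it.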
We are processing your report and will contact the yogeshojha/rengine team within 24 hours.
a month ago
Veshraj Ghimire modified the report
a month ago
We have contacted a member of the yogeshojha/rengine team and are waiting to hear back
a month ago
We have sent a follow up to the yogeshojha/rengine team. We will try again in 7 days.
a month ago
We have sent a second follow up to the yogeshojha/rengine team. We will try again in 10 days.
20 days ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Thank you for reporting this.
Veshraj Ghimire has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Great work @v35hr4j 👌
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
The fix bounty has been dropped