Cross-site Scripting (XSS) - Stored in collectiveaccess/providence

Valid

Reported on

Sep 24th 2021

Description

stored xss via event name

Proof of Concept

Plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1iMDosuZYYmFy_JEVxXo7KB09TghKPs-7/view?usp=sharing
Here i uses bellow xss payload

xss2"'onmouseover=prompt();//

Impact

Stored xss

We have contacted a member of the collectiveaccess/providence team and are waiting to hear back 2 years ago

CollectiveAccess has invalidated this vulnerability 2 years ago

Again, default was to assume trusted data from logged in users, which is typical. We have changed the default to filter all input and made "as-is" input opt-in.

The disclosure bounty has been dropped

The fix bounty has been dropped

CollectiveAccess CollectiveAccess

commented 2 years ago

Maintainer

See https://huntr.dev/bounties/0a648087-9b16-4cf5-acca-f25eda1329c7/

ranjit-git

commented 2 years ago

Researcher

can you plz also update the https://demo.collectiveaccess.org to latest version ?

CollectiveAccess CollectiveAccess

commented 2 years ago

Maintainer

Actually I think you did find an issue... can we reopen this?

ranjit-git

commented 2 years ago

Researcher

Admin can open this issue again.
@admin can you plz reopen this report again

CollectiveAccess CollectiveAccess

commented 2 years ago

Maintainer

https://github.com/collectiveaccess/providence/commit/aba331d0a46b6c911ffbef9e53b7c212c264e51e resolve this. Thank you for raising this issue. Apologies for the premature closing of it.

ranjit-git

commented 2 years ago

Researcher

I asked admin to reopen the report.
After reopen you can mark as valid

CollectiveAccess CollectiveAccess

commented 2 years ago

Maintainer

Yes will do.

Jamie Slome

commented 2 years ago

Admin

I have reverted the status of the report to pending.

CollectiveAccess marked this as fixed with commit aba331 2 years ago

CollectiveAccess has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

We have contacted a member of the collectiveaccess/providence team and are waiting to hear back 2 years ago

CollectiveAccess has invalidated this vulnerability 2 years ago

Again, default was to assume trusted data from logged in users, which is typical. We have changed the default to filter all input and made "as-is" input opt-in.

The disclosure bounty has been dropped

The fix bounty has been dropped

CollectiveAccess CollectiveAccess

commented 2 years ago

Maintainer

See https://huntr.dev/bounties/0a648087-9b16-4cf5-acca-f25eda1329c7/

ranjit-git

commented 2 years ago

Researcher

can you plz also update the https://demo.collectiveaccess.org to latest version ?

CollectiveAccess CollectiveAccess

commented 2 years ago

Maintainer

Actually I think you did find an issue... can we reopen this?

ranjit-git

commented 2 years ago

Researcher

Admin can open this issue again.
@admin can you plz reopen this report again

CollectiveAccess CollectiveAccess

commented 2 years ago

Maintainer

https://github.com/collectiveaccess/providence/commit/aba331d0a46b6c911ffbef9e53b7c212c264e51e resolve this. Thank you for raising this issue. Apologies for the premature closing of it.

ranjit-git

commented 2 years ago

Researcher

I asked admin to reopen the report.
After reopen you can mark as valid

CollectiveAccess CollectiveAccess

commented 2 years ago

Maintainer

Yes will do.

Jamie Slome

commented 2 years ago

Admin

I have reverted the status of the report to pending.

CollectiveAccess marked this as fixed with commit aba331 2 years ago

CollectiveAccess has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation