Stored Cross Site Scripting on "Add user" field in octoprint/octoprint
May 17th 2022
Steps to reproduce:
- Go to Settings --> Access controls --> Add user
- Payload = ""><img src=x onerror=alert(1)>"
- Add XSS payload as username and create a new user
- After creating the user, click on the delete button and the XSS will be triggered
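The stored-then-rendered flow in the steps above, shown with the vulnerable rendering pattern beside a hardened one. This is an added example, not OctoPrint code and not part of the original report; the in-memory store, every function name, the username allowlist, and the assumption that the delete confirmation is built by string concatenation are hypothetical.

```javascript
// Added example, not OctoPrint code. All names here are hypothetical.
const users = new Map(); // stands in for the server-side user store

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Defence in depth at creation time: allowlist of username characters
// (assumed policy; the report does not state the application's rules).
function isValidUsername(name) {
  return /^[A-Za-z0-9._@-]{1,64}$/.test(name);
}

function addUser(name, { validate }) {
  if (validate && !isValidUsername(name)) return false;
  users.set(name, { name });
  return true;
}

// Vulnerable pattern: the stored name is concatenated into dialog markup.
function confirmDeleteUnsafe(name) {
  return `<p>Delete user "${users.get(name).name}"?</p>`;
}

// Hardened pattern: the stored name is escaped for the HTML context.
function confirmDeleteSafe(name) {
  return `<p>Delete user "${escapeHtml(users.get(name).name)}"?</p>`;
}

// True when the markup opens any element other than the wrapping <p>.
function hasInjectedElement(markup) {
  const tags = markup.match(/<\s*([a-zA-Z][\w-]*)/g) || [];
  return tags.some((t) => t.replace(/[<\s]/g, "").toLowerCase() !== "p");
}

const payload = '""><img src=x onerror=alert(1)>"'; // string from the report
addUser(payload, { validate: false }); // stored as-is, as in the report
console.log("unsafe dialog injects element:", hasInjectedElement(confirmDeleteUnsafe(payload)));
console.log("safe dialog injects element:  ", hasInjectedElement(confirmDeleteSafe(payload)));
console.log("accepted with validation:     ", addUser(payload, { validate: true }));
```

In a browser, assigning the name through `textContent` or a framework's text binding gives the same result as `escapeHtml` without hand-built markup.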