Cross-site Scripting (XSS) - Reflected in knadh/listmonk
Valid
Reported on Apr 30th 2022
Description
The listmonk application is vulnerable to reflected XSS in the "Partial SQL expression to query subscriber attributes" field.
Proof of Concept
1. Go to "Subscribers" -> "All subscribers" -> "Advanced".
2. Put this payload: "><img src=1 onerror=alert(document.location)> in the input field.
3. Now click on Query, then the XSS will pop up.
Video POC
https://drive.google.com/file/d/1xecT0_PUpZ1Fwlzzm2TJvHBZw_b-eJv8/view?usp=sharing
Impact
This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
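The payload above works by closing a quoted attribute value and opening a new element. The following is an added example, not code from listmonk or from the report, that contrasts echoing the query unencoded with encoding it first. The report does not say where the query is reflected, so renderUnsafe, renderSafe and their markup are hypothetical stand-ins that assume the value is echoed both in an attribute and in an error message.

```javascript
// Added example, not listmonk code. renderUnsafe/renderSafe are hypothetical
// stand-ins for any view that echoes the "Advanced" query back into the page.

// Characters that can end a text node or a quoted attribute value in HTML.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for use in HTML text or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the query is concatenated into markup as-is.
function renderUnsafe(query) {
  return `<input name="query" value="${query}">` +
         `<p class="error">Invalid query: ${query}</p>`;
}

// Hardened pattern: every reflected copy of the query is encoded first.
function renderSafe(query) {
  const q = escapeHtml(query);
  return `<input name="query" value="${q}">` +
         `<p class="error">Invalid query: ${q}</p>`;
}

// Rough check used for this demo only: list the names of opening tags that
// appear in the markup, so injected elements show up as extra entries.
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
}

// The payload from the proof of concept in this report.
const payload = '"><img src=1 onerror=alert(document.location)>';

console.log('unsafe:', tagNames(renderUnsafe(payload))); // template tags plus injected img
console.log('safe:  ', tagNames(renderSafe(payload)));   // template tags only
```
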
We are processing your report and will contact the knadh/listmonk team within 24 hours.
a year ago
SAMPRIT DAS modified the report
a year ago
SAMPRIT DAS modified the report
a year ago
We have contacted a member of the knadh/listmonk team and are waiting to hear back
a year ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
The researcher's credibility has increased: +7
The fix bounty has been dropped
This vulnerability will not receive a CVE
It does not appear that the severity of the issue is significant enough to warrant a CVE, as mentioned by the maintainer on GitHub.