Reflected XSS using URL-based payload in neorazorx/facturascripts

Valid

Reported on

May 8th 2022


Description

Hi there, I found that the url parameter is not verified by the server, so an attacker can use the javascript schema to run XSS in the user's browser.

Proof of Concept

  1. Visit this page http://localhost/invoices/EditPageOption?code=ListProducto-new&url=javascript:prompt(2)
  2. Click on the back button

PoC:-

https://youtu.be/l1uHfNa2p58

Impact

XSS can be used to steal a user's cookies, which leads to account takeover, or to do any malicious activity in the victim's browser.
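
One way to validate the `url` parameter described in this report before it reaches the back button's href, added here as an example (it is not code from the report, from facturascripts, or from the fix commit). It parses the value the way a browser resolves a link and only lets same-origin http(s) targets through; the origin `http://localhost`, the fallback path `/invoices/` and all function names are assumptions.

```javascript
// Added example: allowlist check for a "back" link target taken from a query parameter.
// APP_ORIGIN and FALLBACK are assumptions for this sketch, not values from the project.
const APP_ORIGIN = 'http://localhost';
const FALLBACK = '/invoices/';

// Returns a site-relative path that is safe to place in href, or the fallback.
function safeBackUrl(raw, appOrigin = APP_ORIGIN, fallback = FALLBACK) {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;
  let parsed;
  try {
    // WHATWG URL parsing normalises the scheme (case, surrounding whitespace),
    // so the decision is made on what a browser would actually navigate to.
    parsed = new URL(raw, appOrigin);
  } catch {
    return fallback;
  }
  // Allowlist of schemes: anything else (javascript:, data:, ...) is rejected.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return fallback;
  // Only targets inside the application are accepted.
  if (parsed.origin !== new URL(appOrigin).origin) return fallback;
  // Emit a path-only value so the link can never leave the site.
  return parsed.pathname + parsed.search + parsed.hash;
}

// HTML-attribute encoding, still required after validation.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical renderer for the back button.
function renderBackButton(rawUrl) {
  return `<a class="btn" href="${escapeAttr(safeBackUrl(rawUrl))}">Back</a>`;
}

// Constructed sample inputs; the first is the value from the report's PoC.
const samples = [
  'javascript:prompt(2)',
  '/invoices/ListProducto?a=1&b=2',
  'http://localhost/invoices/ListProducto',
  'https://other.example/x',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', renderBackButton(s));
}
```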

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours. a year ago
Distorted_Hacker modified the report
a year ago
Distorted_Hacker modified the report
a year ago
We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back a year ago
Carlos Garcia validated this vulnerability a year ago
Distorted_Hacker has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carlos Garcia marked this as fixed in 2022.07 with commit 8e31d8 a year ago
Carlos Garcia has been awarded the fix bounty
This vulnerability will not receive a CVE
Distorted_Hacker
a year ago

Researcher


@admin can you assign a CVE?

Jamie Slome
a year ago

Admin


Sorted 👍
