Reflected XSS using URL-based payload in neorazorx/facturascripts

Valid

Reported on

May 8th 2022


Description

Hi there, I found that the url parameter is not verified by the server, so an attacker can use the javascript schema to run XSS in the user's browser.

Proof of Concept

  1. Visit this page http://localhost/invoices/EditPageOption?code=ListProducto-new&url=javascript:prompt(2)
  2. Click on back button

PoC:-

https://youtu.be/l1uHfNa2p58

Impact

XSS can be used to steal the user's cookies, which leads to account takeover, or to do any malicious activity in the victim's browser.
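
A server-side check for the `url` parameter described in this report, as an added example that is not part of the original report and is not the project's merged fix. The helper name `safeReturnUrl`, the host allow-list and the policy it enforces (site-relative paths, or http/https on a listed host) are assumptions; the sample inputs are constructed.

```php
<?php
// Added example: hypothetical helper, not code from facturascripts.

/**
 * Return $url only if it is safe to emit as the href of a "back" link,
 * otherwise return $fallback.
 */
function safeReturnUrl(string $url, array $allowedHosts, string $fallback = '/'): string
{
    // Browsers drop some whitespace and control characters while parsing a
    // URL, so the string checked here must not contain any: otherwise the
    // filter and the browser would not be looking at the same value.
    if ($url === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
        return $fallback;
    }

    // Site-relative path: one leading slash only ("//host" is protocol-relative).
    if ($url[0] === '/' && strncmp($url, '//', 2) !== 0) {
        return $url;
    }

    // Absolute URL: require an explicit http(s) scheme and an allow-listed host.
    // "javascript:prompt(2)" parses to a scheme with no host and is rejected.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    $scheme = strtolower($parts['scheme']);
    $host = strtolower($parts['host']);
    if (in_array($scheme, ['http', 'https'], true) && in_array($host, $allowedHosts, true)) {
        return $url;
    }
    return $fallback;
}

// Constructed sample values for the url parameter.
$samples = [
    'javascript:prompt(2)',           // payload from the report
    '//other.example/',               // protocol-relative, leaves the site
    'https://other.example/invoices', // host not on the allow-list
    '/ListProducto',                  // site-relative, accepted
    'http://localhost/ListProducto',  // allow-listed host, accepted
];
foreach ($samples as $sample) {
    // Escape for the HTML attribute context as well as validating the scheme.
    $href = htmlspecialchars(safeReturnUrl($sample, ['localhost']), ENT_QUOTES, 'UTF-8');
    echo json_encode($sample), ' => ', $href, PHP_EOL;
}
```

Validation and output escaping address different problems: `htmlspecialchars` alone would leave `javascript:prompt(2)` intact, because the value contains no characters that need HTML escaping.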

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours. 20 days ago
Distorted_Hacker modified the report
20 days ago
Distorted_Hacker modified the report
20 days ago
We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back 19 days ago
Carlos Garcia validated this vulnerability 18 days ago
Distorted_Hacker has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carlos Garcia confirmed that a fix has been merged on 8e31d8 18 days ago
Carlos Garcia has been awarded the fix bounty
Distorted_Hacker
18 days ago

Researcher


@admin can you assign a CVE?

Jamie Slome
16 days ago

Admin


Sorted 👍
