[Security] Stored XSS in user fields

Open edoardottt opened this issue 2 years ago • 0 comments

Tested version: latest

Steps to reproduce the vulnerability:

  • Log in to the application.
  • Click on Direct messages.
  • Click on Add a new user.
  • Fill all the possible fields with the payload "<script>alert(document.domain)</script>" and save.
  • The XSS will fire whenever user info is reflected in the page.

Screenshot from 2023-03-25 16-32-27

edoardottt • Mar 25 '23 15:03
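
The fix for the behaviour reported above is to encode every stored user field at the point where it is written into HTML. The following is an added example, not part of the original issue and not the messenger project's code: the field names, markup and function names are assumptions, and the sample record is constructed using the payload from the report.

```javascript
// Added example: hypothetical rendering code, not taken from the messenger project.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the characters that can change HTML structure in text and
// quoted-attribute contexts.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed set of user fields; class names come from this fixed list,
// never from stored data.
const USER_FIELDS = ["name", "email", "phone"];

// Vulnerable pattern: stored values are concatenated into markup as-is,
// so any field holding markup is parsed by the browser on every page
// that shows the user.
function renderUserUnsafe(user) {
  return "<li>" + USER_FIELDS
    .map((f) => `<span class="${f}" title="${user[f]}">${user[f]}</span>`)
    .join("") + "</li>";
}

// Hardened pattern: every field is encoded on output, in both the
// attribute and the element body, regardless of what was stored.
function renderUserSafe(user) {
  return "<li>" + USER_FIELDS
    .map((f) => {
      const v = escapeHtml(user[f]);
      return `<span class="${f}" title="${v}">${v}</span>`;
    })
    .join("") + "</li>";
}

// Constructed record: every field filled with the payload from the report,
// plus a quote-based value to exercise the attribute context.
const storedUser = {
  name: "<script>alert(document.domain)</script>",
  email: "<script>alert(document.domain)</script>",
  phone: '" onmouseover="x',
};

console.log(renderUserUnsafe(storedUser).includes("<script>")); // markup survives
console.log(renderUserSafe(storedUser)); // rendered as inert text
```

Encoding on output covers records that were already stored before any input validation was added; a Content-Security-Policy that disallows inline scripts is a useful second layer.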