[Security] Stored XSS in channel description

Open edoardottt opened this issue 2 years ago • 0 comments

Tested version: latest

Steps to reproduce the vulnerability:

  • Log in to the application.
  • Click on Channels.
  • Click on Add a new channel.
  • Fill all the possible fields with the payload "<script>alert(document.domain)</script>" and save.
  • XSS will fire whenever user info is reflected in the page.

Screenshot from 2023-03-25 16-34-02

edoardottt, Mar 25 '23 15:03
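
The report above describes stored channel fields being rendered without output encoding. As an added example (not part of the original issue and not the project's code), the sketch below puts that rendering pattern beside a hardened form and checks both against the payload from the report. The field names `name` and `description` and all function names are assumptions for illustration.

```javascript
// Added example: field names and render functions are hypothetical,
// not taken from the project this issue was filed against.

// Constructed sample: a stored channel whose fields hold the payload from the report.
const PAYLOAD = '<script>alert(document.domain)</script>';
const storedChannel = { name: PAYLOAD, description: PAYLOAD };

// Vulnerable pattern: stored values are concatenated into markup unchanged,
// so the browser parses them as HTML each time the page is rendered.
function renderChannelUnsafe(ch) {
  return `<div class="channel" title="${ch.name}">` +
         `<h2>${ch.name}</h2><p>${ch.description}</p></div>`;
}

// Encode the characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: every stored field is encoded at output time,
// including the one placed inside an attribute.
function renderChannelSafe(ch) {
  const name = escapeHtml(ch.name);
  const description = escapeHtml(ch.description);
  return `<div class="channel" title="${name}">` +
         `<h2>${name}</h2><p>${description}</p></div>`;
}

// Regression check: does the rendered markup still contain a script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe render has script tag:', containsScriptTag(renderChannelUnsafe(storedChannel)));
console.log('safe render has script tag:  ', containsScriptTag(renderChannelSafe(storedChannel)));
console.log(renderChannelSafe(storedChannel));
```

Encoding at output time covers every field on the form, which matters here because the report fills all of them with the same payload.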