Loading...

XML

Word

Printable

Details

Type: Security
Resolution: Solved By
Priority: Blocker
Fix Version/s: 14.10
Affects Version/s: 14.6-rc-1
Component/s: User - User Profile
Labels:

Difficulty:
Unknown
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

SUBMISSION REFERENCES

Submission code: XWIKI-PST6B4ZK
Submission URL: https://www.intigriti.com/auth/dashboard?redirect=/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-PST6B4ZK

RESEARCHER INFORMATION

Submitter: ynoof

SUBMISSION INFORMATION

Created at: Fri, 04 Nov 2022 14:36:49 GMT
Submission status: Archived

REPORT CONTENT

Severity: High
Domain: https://intigriti.xwiki.com/ (Url)
Proof of concept: Hello,

Stored XSS at user profile via `about` text area.

1. 1. Steps to reproduce
    1. Go to user profile
    2. Add the following payload in the `about` text area.

```
html
'"<!--><Details Open OnToggle=confirm("Ynoof/Was/Here")>
/html
```

Click on source before saving.

1. 1. POC {186066}

Thanks,
Ynoof

Impact: An attacker can execute any js code on the victim's browser.
Personal data involved: No
Endpoint: https://intigriti.xwiki.com/xwiki/bin/view/XWiki/ynsec3
Type: Stored Cross-Site Scripting
Attachments: poc.png

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

186066_poc.png
70 kB
10/Nov/22 10:20

Issue Links

is caused by

XCOMMONS-2568 Restricted HTML filtering bypass (XSS) via HTML comments

Closed

Activity

People

Assignee:: Michael Hamann

Reporter:: Intigriti Integration

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Nov/22 10:20

Updated:: 07/Mar/24 08:02

Resolved:: 18/Nov/22 12:32