Hi Team, I found another Stored XSS, and it is in the fetish section, where you search for a particular term and can create a fetish for it; while updating it, the XSS executes.
See the Proof Of Concept below. Thank You.
A. Log into your account and go to Fetish from the above tab.
B. In the search field, enter or copy this payload: "><img src=x onerror=alert(5)> and click on Yes, Create a Fetish.
C. Click on Add to Profile and select the appropriate options.
D. Click on Add to Profile and visit
E. Click on the Fetish option and click on Update for the Fetish you created, and the XSS will execute.
An attacker can grab cookies of other users, redirect users to malicious websites, and much more.
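
Added example (not part of the original report and not the site's code): why the payload from step B runs when the Update form is rendered, and the output encoding that stops it. It assumes the stored fetish name is written into a double-quoted value attribute, which the leading "> of the payload suggests; the function names and form markup are hypothetical.

```javascript
// Added example: names below are hypothetical, not the site's code.
// Assumption: the Update form writes the stored fetish name into a
// double-quoted value="" attribute.

// Payload from step B of the report.
const STORED_NAME = '"><img src=x onerror=alert(5)>';

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the stored name is concatenated into the attribute as-is.
function renderUpdateFormUnsafe(name) {
  return `<form method="post"><input name="fetish" value="${name}">` +
    `<button>Update</button></form>`;
}

// Hardened: the same template with the value encoded at output time.
function renderUpdateFormSafe(name) {
  return `<form method="post"><input name="fetish" value="${escapeHtml(name)}">` +
    `<button>Update</button></form>`;
}

// Crude opening-tag listing for this demo only (not a real HTML parser).
function openingTags(html) {
  return [...html.matchAll(/<([a-z]+)[\s>]/gi)].map((m) => m[1].toLowerCase());
}

console.log(openingTags(renderUpdateFormUnsafe(STORED_NAME)));
console.log(openingTags(renderUpdateFormSafe(STORED_NAME)));
```

Setting the session cookie HttpOnly limits the cookie theft described in the impact line but does not stop the script from running; encoding at output does.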