Veris: Multiple Stored XSS

ID H1:120324
Type hackerone
Reporter itly
Modified 2016-06-12T16:04:56


Hello Team,

I have found multiple vulnerable fields which accepts malicious javascript inputs and reflects on another form which fails to sanitize the malicious javascript input.

Vulnerable Input Form: Edit Group Details

Reflects where: View Rule Book

Payload used: 1) <img src=x onerror=alert(document.domain)>

                     2) &lt;img src=x onerror=alert(document.cookie)&gt;

Browsers used: Mozilla Firefox and Google Chrome (Latest Version)

Steps to Reproduce:

  1. Go to Edit Group Details Form.
  2. Inject the above mentioned payload in both the input fields as shown in screenshot.
  3. Submit and Save it.
  4. Go to Rulebook and View it.
  5. Tadaa! XSS Triggers.

Proof of Concept: Please find the attached screenshots.

Do evaluate it and inform me accordingly.

Best Regards,

Hely H. Shah