ID H1:224108 Type hackerone Reporter lulliii Modified 2017-04-26T17:36:30
Description
Hello team,
While i was hunting (https://help.nextcloud.com), i found xss there in comment/reply box..
Steps to reproduce
1. go to https://help.nextcloud.com.
2. Click On Any (I'm selecting "Welcome to the Nextcloud forums")
3. Sign in or Sign up in your account.
4. Click Reply..
5. Type or paste ( <abbr title='" class="comment-link"><a href='
href="'> :-) <abbr title='" ' class="<script>alert(document.cookie)</script>">x</abbr></a> ) Without brackets..
6. You will get popup (You need to be logged in to do that.)
7. This mean xss payload is executing!
Detail:
I think xss payload is executing because you're using old version of akismet..
Akismet 2.5.0-3.1.4 - Is vulnerable to Unauthenticated Stored Cross-Site Scripting (XSS)..
{"id": "H1:224108", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Nextcloud: Cross Site Scripting", "description": "Hello team,\nWhile i was hunting (https://help.nextcloud.com), i found xss there in comment/reply box..\n\n**Steps to reproduce**\n1. go to https://help.nextcloud.com.\n2. Click On Any (I'm selecting \"Welcome to the Nextcloud forums\")\n3. Sign in or Sign up in your account.\n4. Click Reply..\n5. Type or paste ( <abbr title='\" class=\"comment-link\"><a href='\nhref=\"'> :-) <abbr title='\" ' class=\"<script>alert(document.cookie)</script>\">x</abbr></a> ) Without brackets..\n6. You will get popup (You need to be logged in to do that.)\n7. This mean xss payload is executing!\n\n**Detail:**\nI think xss payload is executing because you're using old version of akismet..\nAkismet 2.5.0-3.1.4 - Is vulnerable to Unauthenticated Stored Cross-Site Scripting (XSS).. \n\nReference: https://wpvulndb.com/vulnerabilities/8215", "published": "2017-04-26T17:06:48", "modified": "2017-04-26T17:36:30", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/224108", "reporter": "lulliii", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:09", "viewCount": 19, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2018-04-19T17:34:09", "rev": 2}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:09", "rev": 2}, "vulnersScore": -0.1}, "bounty": 0.0, "bountyState": "informative", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/013/291/1d2ac8991616fcd3e3cdd567d02b7e70e20a3883_medium.png?1491410731", "small": "https://profile-photos.hackerone-user-content.com/000/013/291/5d33b6e08fad356e1743fd899fe7d6dda9971209_small.png?1491410731"}, "url": "https://hackerone.com/nextcloud", "handle": "nextcloud"}, "h1reporter": {"disabled": true, "url": "/lulliii", "username": "lulliii", "hackerone_triager": false, "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "hacker_mediation": false, "is_me?": false}}
