Nextcloud: Cross Site Scripting

ID H1:224108
Type hackerone
Reporter lulliii
Modified 2017-04-26T17:36:30


Hello team, While i was hunting (, i found xss there in comment/reply box..

Steps to reproduce 1. go to 2. Click On Any (I'm selecting "Welcome to the Nextcloud forums") 3. Sign in or Sign up in your account. 4. Click Reply.. 5. Type or paste ( <abbr title='" class="comment-link"><a href=' href="'> :-) <abbr title='" ' class="<script>alert(document.cookie)</script>">x</abbr></a> ) Without brackets.. 6. You will get popup (You need to be logged in to do that.) 7. This mean xss payload is executing!

Detail: I think xss payload is executing because you're using old version of akismet.. Akismet 2.5.0-3.1.4 - Is vulnerable to Unauthenticated Stored Cross-Site Scripting (XSS)..