Lucene search
Hainguyen02070CEB10E4-952B-4CA4-BAF8-5B6F12E3A8A7HistoryAug 20, 2023 - 3:58 p.m.
DOM XSS in https://demo.modoboa.org/user/#profile/
2023-08-2015:58:08
hainguyen0207
www.huntr.dev
5
dom xss
burp
payload
modoboa
0.0004 Low
EPSS
Percentile
14.1%
Description
I noticed, your website is very secure.
But you overlooked a flaw DOM XSS.
Detail:
1 .Login with demo account.
2 .Go to the link: https://demo.modoboa.org/user/#profile/ and click Update
3 .Use burp to block proxy and inject payload in &language:
<img+src=0+onerror=alert(document.cookie)>
Proof of Concept
Video Poc
https://drive.google.com/file/d/1DpThlp36jJ7hcjGzehX4wlof3KsPux8O/view?usp=sharing
Related
osv
osv
CVE-2023-5688
2023-10-20 17:15:08
PYSEC-2023-215
2023-10-20 17:15:00
modoboa Cross-site Scripting vulnerability
2023-10-20 18:30:57
cvelist
cvelist
CVE-2023-5688 Cross-site Scripting (XSS) - DOM in modoboa/modoboa
2023-10-20 16:22:46
github
github
modoboa Cross-site Scripting vulnerability
2023-10-20 18:30:57
cve
cve
CVE-2023-5688
2023-10-20 17:15:08
prion
prion
Cross site scripting
2023-10-20 17:15:00
nvd
nvd
CVE-2023-5688
2023-10-20 17:15:08
veracode
veracode
Cross-site Scripting (XSS)
2023-10-24 02:30:50