Stored XSS in function Add discussion at the Copyediting section

Reported by thanhlam-attt on www.huntr.dev, Oct 08, 2023, 18:37
Report ID: 16719252-D88D-43CC-853A-24FF75A067D8

AI Score: 6 | Confidence: High | EPSS: 0 | Percentile: 14.0%

Description

I tested the demo site you provided and I see that there is a stored XSS in the function Add discussion.

Proof of Concept

payload: thanh"><script>alert(1)</script>

# Steps

  1. Log in as any user.
  2. In the Unassigned section, click View.
  3. In the Workflow, click the Copyediting section and then Add discussion.
  4. Insert the payload into Subject and save it.
  5. Click the name => XSS detected.

Video PoC: https://drive.google.com/file/d/1nsybTloKxd45a716hVFNOyxTrW4fbkry/view?usp=sharing
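The payload starts with `">`, which is the signature of a value echoed into an HTML attribute without encoding: the quote closes the attribute and the rest of the string is parsed as markup. The following example is added here (it is not the reporter's or the affected project's code; the link template is hypothetical) to show that mistake in minimal form next to the fix, which is to escape the stored subject for both the attribute and the element body before rendering.

```python
import html
import re

# Payload from the report, used here as constructed test input.
PAYLOAD = 'thanh"><script>alert(1)</script>'


def render_discussion_link_vulnerable(subject: str, discussion_id: int) -> str:
    """Hypothetical template that interpolates the stored subject verbatim.

    A double quote in the subject terminates the title attribute, so the
    remainder of the payload becomes live markup. This is the stored XSS
    pattern described in the report, reduced to one line of template."""
    return f'<a href="/discussion/{discussion_id}" title="{subject}">{subject}</a>'


def render_discussion_link_fixed(subject: str, discussion_id: int) -> str:
    """Same template with output encoding applied.

    html.escape(quote=True) encodes & < > " and ', so the value can neither
    close the quoted attribute nor open a tag in the element body. The id
    is coerced to int so it cannot carry markup either."""
    safe = html.escape(subject, quote=True)
    return f'<a href="/discussion/{int(discussion_id)}" title="{safe}">{safe}</a>'


_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_script_tag(markup: str) -> bool:
    """Check whether a real (unencoded) <script> tag survives in the output."""
    return bool(_SCRIPT_TAG.search(markup))


if __name__ == "__main__":
    print("vulnerable:", render_discussion_link_vulnerable(PAYLOAD, 7))
    print("fixed:     ", render_discussion_link_fixed(PAYLOAD, 7))
```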

