huntr | Trunggg02 | 2CC80417-32B2-4024-BBCD-D95A039C11AE
Sep 03, 2023 - 2:05 p.m.

Stored XSS in module named "New Submissions"

2023-09-03 14:05:07 | trunggg02 | www.huntr.dev
Tags: xss, security vulnerability, module submissions, payload, activity log

AI Score: 6
Confidence: High
EPSS: 0
Percentile: 14.0%

Description

I tested the demo site you provided. I see that there is a Stored XSS vulnerability. I hope you can check and provide a fix as soon as possible.

Proof of Concept

Link to PoC video

https://drive.google.com/file/d/1BaAnaZQyf__bUTu54rzwRtTevr-wx100/view?usp=sharing

Steps

1. Log in as account demo

2. Access the module Submissions

3. Then create a New Submissions

4. Pass the payload to the Title field in the Import Metadata section

Payload

      test"><script>alert(document.cookie)</script>

5. Then save the submissions and click on activity log & note and the payload will be executed
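The report does not show the affected code. The following is an added example, not taken from the report or from the affected project: a hypothetical activity-log renderer showing why the stored Title breaks out of a quoted attribute when written into markup unescaped, and how encoding at output time keeps it inert. The function names, record shape and URL path are assumptions.

```javascript
// Added example: hypothetical activity-log renderer, not the affected project's code.

// Constructed stored record; the title is the payload quoted in the report.
const storedSubmission = {
  id: 1, // constructed value
  title: 'test"><script>alert(document.cookie)</script>',
};

// Vulnerable pattern: the stored title is concatenated into markup as-is.
// The leading `">` closes the title attribute and the <a> tag, so the
// <script> element that follows becomes live markup in the log view.
function renderLogEntryUnsafe(sub) {
  return '<li><a href="/submission/' + sub.id + '" title="' + sub.title + '">' +
         'Submission created: ' + sub.title + '</a></li>';
}

// Encode the characters that are significant in HTML text and in
// quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode at output time, in every view that shows the
// stored value, not only in the form where it was entered.
function renderLogEntrySafe(sub) {
  const title = escapeHtml(sub.title);
  return `<li><a href="/submission/${encodeURIComponent(sub.id)}" title="${title}">` +
         `Submission created: ${title}</a></li>`;
}

// Regression check helper: list the element names present in the rendered markup.
function tagsIn(html) {
  return (html.match(/<\/?([a-z][a-z0-9]*)/gi) || [])
    .map((t) => t.replace(/[<\/]/g, '').toLowerCase());
}

console.log('unsafe:', tagsIn(renderLogEntryUnsafe(storedSubmission)));
console.log('safe:  ', tagsIn(renderLogEntrySafe(storedSubmission)));
```

A check like `tagsIn` can sit in a regression test for each view that renders stored submission metadata, so a template that skips encoding fails the build.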
