Stored xss real name

2023-02-1217:50:11

isdkrisna

www.huntr.dev

stored xss

vulnerability

admin account

user addition

0.001 Low

EPSS

Percentile

23.5%

JSON

Description

In the admin account, there is a feature to add a user. In this feature, a vulnerability was found in the “Your Name” form.

Proof of Concept

1.go to https://roy.demo.phpmyfaq.de/admin/?action=user
2.add user with realname &lt;script&gt;alert('123')&lt;/script&gt;
3.go to https://roy.demo.phpmyfaq.de/admin/?action=category
4.click button add new top-level category

POC
https://drive.google.com/file/d/1X4LdpwFcrbR7pA1C1-0wIU46S8tIWt0v/view?usp=share_link

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for 2D0AC48A-490D-4548-8D98-7447042DD1B5