Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrAyoub0x134B281CD-FF4A-4AB0-AE25-56AEF557682F
HistoryJul 09, 2022 - 3:40 p.m.

Stored XSS in

2022-07-0915:40:48
ayoub0x1
www.huntr.dev
15
stored xss
note field
poc video
bug bounty

EPSS

0.001

Percentile

21.4%

JSON

Description

Hello, I have found that an XSS payload has been executed in the name of note field, and I wanted to make a report about it, just please note that in the Occurrences I left it empty because I don’t know anything about it, and please see the video attached in POC to know more about it

Proof of Concept

<h5>Export note β€œ<span>”><script>alert(1)</script></span>"</h5>

watch this video:

https://drive.google.com/file/d/15RhKzaWS10ugzBOf6pkEvsL6ySTrklE3/view

Related

prion 1
cvelist 1
cve 1
osv 1
nvd 1
prion
prion
Cross site scripting
2022-07-10 22:15:00
cvelist
cvelist
CVE-2022-2365 Cross-site Scripting (XSS) - Stored in zadam/trilium
2022-07-10 21:50:10
cve
cve
CVE-2022-2365
2022-07-10 22:15:08
osv
osv
CVE-2022-2365
2022-07-10 22:15:08
nvd
nvd
CVE-2022-2365
2022-07-10 22:15:08

EPSS

0.001

Percentile

21.4%

JSON
Related for 34B281CD-FF4A-4AB0-AE25-56AEF557682F
prion1cvelist1cve1osv1nvd1