Lucene search
Srivallikusumba4B86B56B-C51B-4BE8-8EE4-6E385D1E9E8AHistoryMay 26, 2023 - 5:15 a.m.
Stored XSS on FolderName Affecting other users and admin.
2023-05-2605:15:16
srivallikusumba
www.huntr.dev
4
xss vulnerability
stored
foldername
multiple users
admin
0.002 Low
EPSS
Percentile
54.1%
Description
If two users have same folder permission, malicious users can rename the folder with XSS payload, which will affect the other user, and admin.
Payload: "><img src=x onerror=alert(1)>
Proof of Concept
https://drive.google.com/file/d/1ukzcFocVAnd8WKEEo7-zE4iEMVLKUnXt/view
Related
osv
osv
TeamPass vulnerable to stored Cross-site Scripting
2023-06-03 12:30:14
CVE-2023-3084
2023-06-03 11:15:20
cvelist
cvelist
nvd
nvd
CVE-2023-3084
2023-06-03 11:15:20
veracode
veracode
Cross-Site Scripting (XSS)
2023-07-23 20:36:59
github
github
TeamPass vulnerable to stored Cross-site Scripting
2023-06-03 12:30:14
cve
cve
CVE-2023-3084
2023-06-03 11:15:20
prion
prion
Cross site scripting
2023-06-03 11:15:00
openvas
openvas
TeamPass < 3.0.9 Multiple Vulnerabilities
2023-05-25 00:00:00