Source: huntr
Reporter: Ranjit-git
ID: 4DF6BCE6-DBE3-48E4-9830-E95CDC5138B6
Published: Sep 11, 2023 - 9:50 a.m.

Stored XSS using journal-name in journal-tab

2023-09-11 09:50:47
ranjit-git
www.huntr.dev

AI Score: 7.5 (Confidence: High)

EPSS: 0 (Percentile: 14.0%)

BUG

Stored XSS using journal-name in journal-tab

ACCOUNT

1. user-A –> superadmin –> Victim –> Firefox browser Normal mode
2. user-B –> journal manager –> Attacker –> Firefox browser Container-1

STEPS TO REPRODUCE

1. From the user-A account, create a journal called “journal-A”.

2. Add user-B to this journal as “journal manager” (I already did).

3. Log in to the user-B account and change the journal name to the XSS payload xss"'&gt;<img src>

4. From the user-A account, open journal statistics at http://localhost/ojs-3.4.0-3/index.php/xss/stats/context/context and see that the XSS is executed.

IMPACT

Using this XSS, the attacker (user-B) can execute any JavaScript code in the victim's (user-A) account, and can take full control of the victim account by executing any JavaScript code.

VIDEO POC

https://drive.google.com/file/d/1iA456XdYaWe7qgkkkhp_I3Wzlr8fn2Re/view?usp=sharing
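
MITIGATION EXAMPLE (added)

The following is an added example, not part of the original report and not OJS code. It shows the defensive side of the issue above: HTML-encoding a stored journal name before it is written into a page, and auditing stored names for markup characters. The function names, the heading markup and the sample records are assumptions made for illustration.

```javascript
// Added example (not OJS code): encode a stored journal name at output time
// and audit already-stored names for HTML markup characters.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value for HTML element content and quoted attribute values.
// Encoding happens at output, so the stored name itself is left unchanged.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer for a statistics page heading. The journal name is
// attacker-influenced (a journal manager can edit it), so it is encoded in
// both places it appears: the attribute and the element text.
function renderStatsHeading(journalName) {
  const safe = escapeHtml(journalName);
  return `<h1 title="${safe}">Statistics: ${safe}</h1>`;
}

// Audit helper: return the ids of journals whose stored name contains angle
// brackets. A hit is a lead for review, not proof of abuse.
function findSuspiciousNames(journals) {
  return journals.filter((j) => /[<>]/.test(j.name)).map((j) => j.id);
}

// Constructed sample records; id 2 carries the name from step 3 of the report.
const journals = [
  { id: 1, name: 'journal-A' },
  { id: 2, name: 'xss"\'&gt;<img src>' },
  { id: 3, name: 'Tom & Jerry Studies' },
];

for (const j of journals) {
  console.log(renderStatsHeading(j.name));
}
console.log('names to review:', findSuspiciousNames(journals));
```

Encoding at output covers names that were stored before the fix; the audit helper only finds them so they can be reviewed and renamed.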
