Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrGabriel-vernilo7E6F9614-6A96-4295-83F0-06A240BE844E
HistoryFeb 02, 2023 - 6:24 p.m.

Stored Cross Site Scripting in the username

2023-02-0218:24:42
gabriel-vernilo
www.huntr.dev
10
stored cross site scripting
website
injection
malicious code
proof of concept
bug bounty

0.001 Low

EPSS

Percentile

23.5%

JSON

Description

Stored XSS occurs when an attacker injects malicious code into a website, which is then stored on the server. In this case, the malicious code is being stored as the user’s username.

When someone accesses the shared page, the website retrieves the user’s username from the server and displays it as part of the message “shared by”. At this point, the XSS payload is executed.

Proof of Concept

Proof of Concept Video

Related

osv 2
nvd 1
veracode 1
github 1
cve 1
prion 1
cvelist 1
osv
osv
Cross-site Scripting (XSS) in wallabag/wallabag
2023-02-08 00:30:33
CVE-2023-0736
2023-02-07 23:15:09
nvd
nvd
CVE-2023-0736
2023-02-07 23:15:09
veracode
veracode
Stored Cross-site Scripting (XSS)
2023-02-13 06:35:11
github
github
Cross-site Scripting (XSS) in wallabag/wallabag
2023-02-08 00:30:33
cve
cve
CVE-2023-0736
2023-02-07 23:15:09
prion
prion
Cross site scripting
2023-02-07 23:15:00
cvelist
cvelist
CVE-2023-0736 Cross-site Scripting (XSS) - Stored in wallabag/wallabag
2023-02-07 00:00:00

0.001 Low

EPSS

Percentile

23.5%

JSON
Related for 7E6F9614-6A96-4295-83F0-06A240BE844E
osv2nvd1veracode1github1cve1prion1cvelist1