A malicious actor is able to add a "new board" with a malicious payload to any target, and upon opening the research menu, the XSS payload is executed.
1; Log in as a user with the proper role
2; Add a new board to the system from the research menu on the left
3; Insert the following payload in the name field: <script>alert(document.cookie)</script>
4; Open the research menu, and the XSS payload is executed.
With such an opportunity, the malicious actor is able to gather session identifiers from any user. Once this information is received, the confidentiality and integrity of the target's account are compromised.
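The behaviour above comes from rendering the stored board name as markup, and the remedy is to encode it on output. The following is an added example, not code from the affected product (whose implementation the report does not show); it assumes a server-side renderer written in JavaScript, and all function names, field names and sample data are hypothetical.

```javascript
// Added illustration; function and field names are hypothetical, not the product's.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour described in the report: the stored name is concatenated as markup.
function renderMenuUnsafe(boards) {
  return '<ul>' + boards.map((b) => `<li>${b.name}</li>`).join('') + '</ul>';
}

// Hardened: the stored name is encoded at output time, so it renders as text.
function renderMenuSafe(boards) {
  const items = boards.map(
    (b) => `<li data-id="${escapeHtml(b.id)}">${escapeHtml(b.name)}</li>`
  );
  return '<ul>' + items.join('') + '</ul>';
}

// Defence in depth: HttpOnly keeps the session cookie out of document.cookie.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample data: one ordinary board and one carrying the report's payload.
const boards = [
  { id: 1, name: 'Q3 interviews' },
  { id: 2, name: '<script>alert(document.cookie)</script>' },
];

console.log(renderMenuUnsafe(boards)); // script element survives intact
console.log(renderMenuSafe(boards));   // payload appears only as encoded text
console.log(sessionCookieHeader('sid', 'constructed-value'));
```

Encoding at output time rather than only on input also neutralises board names that were stored before the fix.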