Lucene search
UonghoangminhchauA4D865C2-1A2B-4E3A-AAAE-915B0DFC3F22HistoryDec 21, 2022 - 7:56 a.m.
Stored XSS in Search
2022-12-2107:56:44
uonghoangminhchau
www.huntr.dev
3
xss
stored
search
demo
website
0.001 Low
EPSS
Percentile
20.3%
Description
Stored XSS is a type of XSS that stores malicious code on the application. The demo website is affected of it.
Proof of Concept
#1. Access to the demo website https://demo.usememos.com/
#2. At “Any thoughts…”, write XSS Payload and save it. In this scenario, I used payload: "><img src>
#3. Now, at Search bar, just type "> (or any character in the payload) and the payload will be triggered.
Link: https://drive.google.com/file/d/1OfyG91RtpV-_rUanDrWiTbStjf0X7QJN/view?usp=sharing
Related
veracode
veracode
Cross-site Scripting (XSS)
2023-01-04 10:06:32
prion
prion
Cross site scripting
2022-12-27 15:15:00
osv
osv
CVE-2022-4694
2022-12-27 15:15:11
usememos/memos vulnerable to stored Cross-site Scripting
2022-12-27 15:30:19
cvelist
cvelist
CVE-2022-4694 Cross-site Scripting (XSS) - Stored in usememos/memos
2022-12-23 00:00:00
cve
cve
CVE-2022-4694
2022-12-27 15:15:11
nvd
nvd
CVE-2022-4694
2022-12-27 15:15:11
github
github
usememos/memos vulnerable to stored Cross-site Scripting
2022-12-27 15:30:19