Lucene search
Trunggg02ABA3BA5B-AA6B-4076-B663-4237B4A0761DHistorySep 01, 2023 - 10:54 a.m.
Stored XSS in module named "Create Issues"
2023-09-0110:54:20
trunggg02
www.huntr.dev
4
stored xss
create issues
demo site
vulnerability
exploit
arbitrary scripts
urgent fix
Description
I tested the demo site you provided. I see that there is an XSS vulnerability. I hope you can check and provide a fix as soon as possible.
Proof of Concept
link video Poc
https://drive.google.com/file/d/1CEEFO0ukhjug6dNRfb-vdQNuBUyezoJp/view?usp=sharing
Steps
1 .Login as account demo
2 .Access the module issues
3 .Then create an issue
4 .Pass the payload into the Tittle field
Payload
test"><script>alert(document.cookie)</script>
5 .After creating issues , click on the newly created issues, the payload will be executed
Related
cve
cve
CVE-2023-5894
2023-11-01 01:15:07
nvd
nvd
CVE-2023-5894
2023-11-01 01:15:07
osv
osv
CVE-2023-5894
2023-11-01 01:15:07
cvelist
cvelist
CVE-2023-5894 Cross-site Scripting (XSS) - Stored in pkp/ojs
2023-11-01 00:00:18
prion
prion
Cross site scripting
2023-11-01 01:15:00
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
20.8%
Related for ABA3BA5B-AA6B-4076-B663-4237B4A0761D