Stored XSS in reply content allows arbitrary execution of JavaScript
In WeChat management, in the following features:
- Reply rule management
- Follow reply configuration
- Default reply configuration
- Follow automatic replies
Save the reply text with the payload: </titLe/</teXtarEa/</scRipt/--!>\x3csVg/<img src>\x3e
The XSS triggers when the page is reloaded or when the reply is opened for editing.
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.
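A mitigation sketch for the behaviour described above, as an added example that is not code from the report or from the affected project: the stored reply is encoded per output context (title, textarea, inline script) when the edit page is rendered, so the closing tags in the payload stay inert. The function names and the edit-page template are hypothetical.

```javascript
// Reply text exactly as given in the report, treated as the value read back from storage.
const storedReply = String.raw`</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<img src>\x3e`;

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode for HTML text and quoted-attribute contexts (<title>, <textarea>, value="...").
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encode for an inline <script> block: a JSON string literal in which characters
// that could close the script element or start markup become \uXXXX escapes.
function toScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical edit view: the reply is echoed in the title, the textarea and a script variable.
function renderEditPage(reply) {
  return [
    `<title>Edit reply: ${escapeHtml(reply)}</title>`,
    `<textarea name="content">${escapeHtml(reply)}</textarea>`,
    `<script>var reply = ${toScriptLiteral(reply)};</script>`,
  ].join('\n');
}

// Count tag openers in rendered HTML. The template above contributes six
// (open and close of title, textarea, script); stored data must not add any.
function countTags(html) {
  return (html.match(/<\/?[a-z]/gi) || []).length;
}

console.log(renderEditPage(storedReply));
```

On the client side, the decoded `reply` variable should be written with `textContent` or a form field's `value`, not `innerHTML`, so the `\x3c`-style sequences never reach an HTML parser.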