Lucene search
Xo19doCD8765A2-BF28-4019-8647-882CCF63B2BEHistoryDec 30, 2022 - 9:18 a.m.
Bypass Stored XSS while creating a new post
2022-12-3009:18:55
xo19do
www.huntr.dev
16
stored xss
post creation
portal login
proof of concept
bypass payload
bug bounty
0.001 Low
EPSS
Percentile
34.3%
Description
After login to portal create a new post and type the following text with XSS payload
Proof of Concept
Login to portal.
create a post with xss paylaod
save it
POC: https://drive.google.com/file/d/1WkQpGyQGKBS-9To5mlud_qkkL7VOp9Au/view?usp=share_link
Bypass Payload
/*/**<input type="text" value=`` <div/onmouseover='alert(1)'>X</div>**/*/*
Related
cve
cve
CVE-2022-4865
2022-12-31 09:15:08
prion
prion
Cross site scripting
2022-12-31 09:15:00
osv
osv
usememos/memos Cross-site Scripting vulnerability
2022-12-31 09:30:42
CVE-2022-4865
2022-12-31 09:15:08
veracode
veracode
Cross-site Scripting (XSS)
2023-01-02 17:21:45
github
github
usememos/memos Cross-site Scripting vulnerability
2022-12-31 09:30:42
cvelist
cvelist
CVE-2022-4865 Cross-site Scripting (XSS) - Stored in usememos/memos
2022-12-31 00:00:00
nvd
nvd
CVE-2022-4865
2022-12-31 09:15:08