huntr / ranjit-git / CE4956E4-9EF5-4E0E-BFB2-481EC5CFB0A5
Sep 11, 2023 - 9:54 a.m.

Stored xss using journal-name

2023-09-11 09:54:22
ranjit-git
www.huntr.dev
7
Tags: xss, journal-name, javascript, attacker, victim, impact, bugbounty, video-poc

AI Score: 7.5
Confidence: Low
EPSS: 0
Percentile: 14.0%

BUG

Stored xss using journal-name

ACCOUNT

1. user-A -> superadmin -> Victim -> Firefox browser, normal mode
2. user-B -> journal manager -> Attacker -> Firefox browser, Container-1

STEPS TO REPRODUCE

1. From the user-A account, create a journal called "journal-A".

2. Add user-B to this journal as "journal manager".

3. Log in to the user-B account and change the journal name to the XSS payload `xss"'><img src>`.

4. From the user-A account, open Site Settings and observe that the XSS executes.
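The defect the steps above describe and its fix, as an added example that is not from the report or from the affected application (which the page does not name): a minimal site-settings renderer that drops the stored journal name into the page raw, beside one that HTML-encodes it, plus a triage helper for journal names that are already stored. The page layout in `SETTINGS_TEMPLATE` and the character set in `find_suspect_names` are assumptions.

```python
import html
import re

# Constructed to mirror the journal name used in the report: xss"'><img src>
JOURNAL_NAME_PAYLOAD = 'xss"\'><img src>'

# Assumed layout of the site-settings page: the journal name appears once as
# text in the journal list and once as the value of an edit field.
SETTINGS_TEMPLATE = (
    '<h2>Hosted journals</h2>\n'
    '<li>{name}</li>\n'
    '<input name="journalName" value="{name}">'
)


def render_site_settings_vulnerable(journal_name: str) -> str:
    """'Before' version: the stored name is inserted unencoded, so any markup
    in it becomes part of the DOM when the superadmin opens site settings."""
    return SETTINGS_TEMPLATE.format(name=journal_name)


def render_site_settings_fixed(journal_name: str) -> str:
    """Hardened version: HTML-encode the name before rendering. quote=True
    also encodes " and ', which the payload uses to break out of the
    value attribute."""
    return SETTINGS_TEMPLATE.format(name=html.escape(journal_name, quote=True))


OPENING_TAG = re.compile(r'<[A-Za-z]')


def count_opening_tags(fragment: str) -> int:
    """Number of element start tags in a rendered fragment. The template
    contributes exactly three (h2, li, input); anything above that was
    introduced by the journal name."""
    return len(OPENING_TAG.findall(fragment))


def find_suspect_names(stored_names) -> list:
    """Triage helper for existing data: return stored journal names containing
    characters that can open a tag or close an attribute. These deserve a
    look even after the renderer is fixed."""
    return [n for n in stored_names if re.search(r'[<>"\'&]', n)]


if __name__ == "__main__":
    print(render_site_settings_vulnerable(JOURNAL_NAME_PAYLOAD))
    print(render_site_settings_fixed(JOURNAL_NAME_PAYLOAD))
    print(find_suspect_names(["journal-A", JOURNAL_NAME_PAYLOAD]))
```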

IMPACT

Using this XSS, the attacker (user-B) can execute arbitrary JavaScript in the victim's (user-A) account and thereby take full control of that account.

VIDEO POC

https://drive.google.com/file/d/1vnyma4kQyBoGv-TNhKHUGdLcHA9cUJ6o/view?usp=sharing
