Stored XSS using journal-name
1. user-A –> superadmin –> Victim –> Firefox browser Normal mode
2. user-B –> journal manager –> Attacker –> Firefox browser Container-1

1. From the user-A account, create a journal called “journal-A”.
2. Add user-B to this journal as “journal manager”.
3. Log in to the user-B account and change the journal name to the XSS payload xss"'><img src>
4. From the user-A account, open site-setting and see that the XSS is executed.

Using this XSS, the attacker (user-B) can execute any JavaScript code in the victim's (user-A) account and take full control of the victim account.
https://drive.google.com/file/d/1vnyma4kQyBoGv-TNhKHUGdLcHA9cUJ6o/view?usp=sharing
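
The fix for this class of bug is to encode the journal name at output time, in every context where the site-setting view prints it. The following is an added example, not code from the report or from the affected project: the renderer functions, the /admin/journal/ path and the row markup are hypothetical, and the sample record is constructed from the journal name in step 3.

```javascript
// Added example (constructed). Assumption: the site-setting view prints each
// journal name once inside an attribute and once as element text.

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: the stored name is concatenated into the markup unchanged,
// so the quote characters close the attribute and the rest becomes new markup.
function renderJournalRowUnsafe(journal) {
  return '<li><a href="/admin/journal/' + journal.id + '" title="' + journal.name + '">' +
    journal.name + '</a></li>';
}

// Hardened form: the name is encoded when it is written out, in both contexts.
function renderJournalRowSafe(journal) {
  const name = escapeHtml(journal.name);
  return '<li><a href="/admin/journal/' + encodeURIComponent(journal.id) +
    '" title="' + name + '">' + name + '</a></li>';
}

// Count opening tags of one kind in the output. This is a crude comparison aid
// for the two renderers, not an HTML parser or a sanitizer.
function countTags(html, tag) {
  const found = html.match(new RegExp('<' + tag + '\\b', 'gi'));
  return found ? found.length : 0;
}

// Constructed sample record: the journal name set by the journal manager in step 3.
const journal = { id: 1, name: 'xss"\'><img src>' };

function demo() {
  return {
    unsafeImgTags: countTags(renderJournalRowUnsafe(journal), 'img'),
    safeImgTags: countTags(renderJournalRowSafe(journal), 'img'),
    safeHtml: renderJournalRowSafe(journal),
  };
}

console.log(demo());
```

Encoding on output covers names already stored in the database, which validation added only to the journal-name form would not.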