Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrAhmedviennaE495B443-B328-42F5-AED5-D68B929B4CB9
HistoryFeb 14, 2023 - 2:09 p.m.

stored XSS after XSS Filter Bypass through exporting an HTML-Document

2023-02-1414:09:51
ahmedvienna
www.huntr.dev
7
xss
filter bypass
faq site
html export
stored payload
bug bounty

0.001 Low

EPSS

Percentile

23.5%

JSON

Hello,

After mitigation of all submitted XSS Vulnerabilities i was able to detect another XSS and bypass the XSS Filters
in the FAQ Site while generating an HTML Export.

Lets see :)

This is th XSS Paylaod with XSS Ahmed 2

Only XSS Ahmed 2 will work !

Now lets export in in HTML5 and open the file the xss alert will be fired.

As you can see this is the XSS Payload lets refresh its stored

Thank you for watching :)

Related

cve 1
cvelist 1
nvd 1
github 1
osv 2
veracode 1
prion 1
openvas 1
cve
cve
CVE-2023-1756
2023-04-05 16:15:07
cvelist
cvelist
CVE-2023-1756 Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq
2023-04-05 00:00:00
nvd
nvd
CVE-2023-1756
2023-04-05 16:15:07
github
github
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export
2023-04-05 18:30:18
osv
osv
CVE-2023-1756
2023-04-05 16:15:07
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export
2023-04-05 18:30:18
veracode
veracode
Stored Cross-Site Scripting (XSS)
2023-04-20 16:30:06
prion
prion
Cross site scripting
2023-04-05 16:15:00
openvas
openvas
phpMyFAQ < 3.1.12 Multiple Vulnerabilities
2023-04-04 00:00:00

0.001 Low

EPSS

Percentile

23.5%

JSON
Related for E495B443-B328-42F5-AED5-D68B929B4CB9
cve1cvelist1nvd1github1osv2veracode1prion1openvas1