Steps to reproduce

1. Add a new item to any folder and set a password with an XSS payload:
   "><img src=x onerror=prompt(1)>
2. Edit the previously saved item and change the password to any you want.
3. Reload the page.
That's all... we can tap on the item and the XSS payload will be executed (because there isn't any filtering in the previously used passwords field).
Besides, the XSS payload will be executed if you try to look at the change history.
So we have two places where there isn't any filtering.
An attacker can share the item with an admin and get the admin's cookie, for example.
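Added example, not part of the original report and not the project's own code: both sinks named above (the previously used passwords field and the change history) render a stored value without output encoding, and the fix is to encode at render time in each of them. The markup, the field names `oldPassword` and `changedBy`, and the attribute context are assumptions made for illustration; the sample value is the one from step 1.

```javascript
// Hypothetical renderer for one row of the "previously used passwords" /
// change-history list. Markup and field names are assumptions.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is concatenated straight into an
// attribute, so a leading "> closes the attribute and the element.
function renderHistoryRowUnsafe(entry) {
  return `<li><input readonly value="${entry.oldPassword}"> changed by ${entry.changedBy}</li>`;
}

// Hardened: every stored field is encoded at output time, in every view
// that shows it (item details and change history alike).
function renderHistoryRowSafe(entry) {
  return `<li><input readonly value="${escapeHtml(entry.oldPassword)}">` +
         ` changed by ${escapeHtml(entry.changedBy)}</li>`;
}

// Crude regression check (not an HTML parser): list the elements the markup
// opens. A history row must open exactly <li> and <input>, nothing else.
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Constructed sample: the step 1 value stored as an old password.
const sampleEntry = { oldPassword: '"><img src=x onerror=prompt(1)>', changedBy: 'alice' };

console.log('unsafe row opens:', tagNames(renderHistoryRowUnsafe(sampleEntry)));
console.log('safe row opens:  ', tagNames(renderHistoryRowSafe(sampleEntry)));
```

Marking the session cookie `HttpOnly` keeps script from reading it, but it does not replace encoding in both views.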