YAFNET versions 3.1.9 and 3.1.10 are vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Send Private Message page that alters the intended functionality, potentially leading to credential disclosure in trusted sessions.
Summary
Send a private message to the victim after entering the XSS payload into the subject and message fields.
Details
Affected source code file: https://github.com/YAFNET/YAFNET/blob/master/yafsrc/YetAnotherForum.NET/Pages/PostPrivateMessage.cshtml.cs (web page: http://your-ip.com/forum/PostPrivateMessage)
PoC
<img src=/ onmouseover=alert('send_XSS_from_chtsec_user_in_the_Subject')>
Impact
What kind of vulnerability is it? Who is impacted?
XSS (Cross-Site Scripting)
YAFNET versions 3.1.9 and 3.1.10
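The usual mitigation for this class of bug is to HTML-encode the subject and message at the point where they are written into the page. The C# sketch below is an added example, not YAFNET's code or its fix: the `PrivateMessage` and `MessageView` types are hypothetical, and it assumes both fields are meant to be shown as plain text. It renders the PoC string above with and without encoding and fails if a live tag survives.

```csharp
using System;
using System.Text.Encodings.Web;

// Hypothetical model for illustration; not a YAFNET type.
public sealed record PrivateMessage(string Subject, string Body);

public static class MessageView
{
    // Vulnerable pattern: user input concatenated into markup as-is
    // (the Razor equivalent is @Html.Raw(message.Subject)).
    public static string RenderUnsafe(PrivateMessage m) =>
        $"<h5 class=\"subject\">{m.Subject}</h5><div class=\"body\">{m.Body}</div>";

    // Hardened pattern: encode every user-controlled field at the output sink
    // (the Razor equivalent is plain @message.Subject, which encodes by default).
    public static string RenderSafe(PrivateMessage m)
    {
        var enc = HtmlEncoder.Default;
        return $"<h5 class=\"subject\">{enc.Encode(m.Subject)}</h5>" +
               $"<div class=\"body\">{enc.Encode(m.Body)}</div>";
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input: the PoC string from this advisory in both fields.
        const string poc =
            "<img src=/ onmouseover=alert('send_XSS_from_chtsec_user_in_the_Subject')>";
        var msg = new PrivateMessage(poc, poc);

        string unsafeHtml = MessageView.RenderUnsafe(msg);
        string safeHtml = MessageView.RenderSafe(msg);

        Console.WriteLine($"unsafe output contains <img: {unsafeHtml.Contains("<img")}");
        Console.WriteLine($"safe output contains <img:   {safeHtml.Contains("<img")}");
        Console.WriteLine(safeHtml);

        // Regression check: encoded output must not contain a live tag.
        if (safeHtml.Contains("<img"))
            throw new InvalidOperationException("subject/body rendered without encoding");
    }
}
```

If the message body is supposed to allow formatting, encoding alone is not enough for that field and an allow-list HTML sanitizer is needed instead; the subject has no such requirement and can always be encoded.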
Reference
https://drive.google.com/drive/folders/1ct6Tp_cnsYO8L_JSvlBCf_Ae7KW3JAcD?usp=sharing