Hello Team,
I would like to report a vulnerability (cross-site scripting) which I have observed in the current version v11.0.0.0 and before.
Cross-Site Scripting (XSS) allows an attacker to inject malicious JavaScript as user input, and the malicious script can then access any cookies, session tokens, or other sensitive information associated with impacted applications.
Please refer to https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) for more details.
Steps:

1. Log into the application as a low-privileged user (Editor role).
2. Select any folder to upload a file to.
3. Upload any file.
4. Put the XSS payload in the Title of the file.
5. Now, log in as any user (including admin), and the payload gets executed in the folder view when the file title gets loaded.

Regards,
varunsharma0121@gmail.com
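
The class of fix for the behaviour reported above, as an added example that is not part of the original report and not the application's own code: the stored file title is HTML-encoded at the point where the folder view renders it. The record shape and the function names (`renderRowUnsafe`, `renderRowSafe`, `escapeHtml`, `renderFolder`) are hypothetical.

```javascript
// Constructed sample: file records as a folder view might load them from storage.
// The second title is a harmless marker standing in for user-supplied markup.
const sampleFiles = [
  { id: 1, title: "Q3 report.pdf" },
  { id: 2, title: '"><script>alert(1)</script>' },
];

// Vulnerable form: the stored title is concatenated into markup unchanged,
// so markup in the title becomes part of the page for every viewer of the folder.
function renderRowUnsafe(file) {
  return `<li data-id="${file.id}" title="${file.title}">${file.title}</li>`;
}

// Encode the five characters that can change the HTML parsing context.
// Suitable for element content and for quoted attribute values only.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened form: the title is encoded for both places it is written to
// (the quoted title attribute and the element body); the id is forced numeric.
function renderRowSafe(file) {
  const title = escapeHtml(file.title);
  return `<li data-id="${Number(file.id)}" title="${title}">${title}</li>`;
}

// Render the whole folder listing with the chosen row renderer.
function renderFolder(files, renderRow) {
  return `<ul>${files.map(renderRow).join("")}</ul>`;
}
```

Encoding at render time covers titles already stored before the fix; validating the Title field on upload is a useful second layer but does not replace it.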