An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Add projects" function in the "Projects" feature.
Proof of Concept
Step 1: Go to "/projects/listprojects.php?", click "Add" and insert the payload "<details/open/ontoggle=alert(document.cookie)>" in the "Name" field.
Step 2: Alert XSS Message
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
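Why a blocklist-style input filter lets the project name from Step 1 through, and how encoding the stored name at output time neutralises it. This is an added example, not part of the original report and not webtareas code; `blocklist_filter`, `html_text` and `is_plain_project_name` are hypothetical names, and the blocklist is constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input: the project name used in Step 1 of the report.
$name = '<details/open/ontoggle=alert(document.cookie)>';

// Hypothetical blocklist filter (an assumption, not the application's code):
// strips <script> tags and a fixed list of event-handler attributes.
function blocklist_filter(string $s): string
{
    return (string) preg_replace(
        ['#<\s*/?\s*script[^>]*>#i', '#\bon(?:click|error|load|mouseover)\s*=#i'],
        '',
        $s
    );
}

// Output encoding for HTML text nodes and quoted attribute values.
// Applied when the stored name is rendered, not when it is saved.
function html_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Defence in depth on input. Assumption: project names only need letters,
// digits, spaces, dots, underscores and hyphens, up to 100 characters.
function is_plain_project_name(string $s): bool
{
    return preg_match('/\A[\p{L}\p{N} ._\-]{1,100}\z/u', $s) === 1;
}

$filtered = blocklist_filter($name);
$encoded  = html_text($name);

// The blocklist has no rule for <details> or ontoggle, so the markup survives.
echo 'blocklist changed the input: ', var_export($filtered !== $name, true), PHP_EOL;

// After encoding, the browser receives text, with no "<" left to open a tag.
echo 'encoded output: ', $encoded, PHP_EOL;
echo 'encoded output contains "<": ', var_export(strpos($encoded, '<') !== false, true), PHP_EOL;

// The allowlist rejects the report's input and accepts an ordinary name.
echo 'allowlist accepts report input: ', var_export(is_plain_project_name($name), true), PHP_EOL;
echo 'allowlist accepts "Q4 rollout": ', var_export(is_plain_project_name('Q4 rollout'), true), PHP_EOL;
```

The encoding call belongs at every place the project name is written into HTML, since a stored value is rendered on pages other than the one where it was entered.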
anhdq201 changed the title on Nov 2, 2022
from: Stored Cross Site Scripting Vulnerability on "Projects" feature in webtareas 2.4p5
to: Stored Cross Site Scripting Vulnerability Bypass filter on "Projects" feature in webtareas 2.4p5
Version: 2.4p5