This is what I achieved when researching Codoforum

Reflected XSS

First, log in to a user account and create a new topic with the title <svg/onload=alert(document.domain)>

Second, do nothing and refresh the page

It is caused by this block of code

Vendor confirmed

REPORT TIMELINE

02/13/2020: Discovered the vulnerability

02/13/2020: Vendor confirmed

02/17/2020: CVE-2020-9007

Stored XSS

Create a post with Tags: 1" onmouseover="alert(1)

The XSS will fire when you hover the mouse over the tags

REPORT TIMELINE

02/24/2020: Discovered the vulnerability

03/03/2020: Vendor confirmed
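
As an added example (not from the original readme and not Codoforum's code), the sketch below shows the defence for the two findings above: the topic title lands in element content and the tag value in a double-quoted attribute, so both must be HTML-encoded at output. The rendering functions, markup and detector are hypothetical; the sample input reuses the title and tag values quoted above.

```javascript
// Added example: output encoding for the title and tag values quoted on this page.
// renderTopicUnsafe/renderTopicSafe and their markup are hypothetical, not Codoforum code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: user input concatenated into markup as-is.
function renderTopicUnsafe(topic) {
  const tags = topic.tags.map((t) => `<a class="tag" title="${t}">${t}</a>`).join('');
  return `<h1>${topic.title}</h1><div class="tags">${tags}</div>`;
}

// Hardened pattern: every interpolation is encoded and attributes stay double-quoted.
function renderTopicSafe(topic) {
  const tags = topic.tags
    .map((t) => `<a class="tag" title="${escapeHtml(t)}">${escapeHtml(t)}</a>`)
    .join('');
  return `<h1>${escapeHtml(topic.title)}</h1><div class="tags">${tags}</div>`;
}

// Crude regression check (not a sanitizer): list inline event-handler
// attributes that appear as real attributes of an opening tag.
function eventHandlerAttributes(html) {
  const found = [];
  for (const tag of html.match(/<[a-zA-Z][^>]*>/g) || []) {
    // Blank out quoted values so text inside an attribute value is not counted.
    const bare = tag.replace(/"[^"]*"|'[^']*'/g, '""');
    for (const m of bare.matchAll(/[\s/"'](on[a-z]+)\s*=/gi)) found.push(m[1].toLowerCase());
  }
  return found;
}

// Constructed sample input using the two values from the steps above.
const sample = {
  title: '<svg/onload=alert(document.domain)>',
  tags: ['1" onmouseover="alert(1)'],
};

console.log(eventHandlerAttributes(renderTopicUnsafe(sample)));
console.log(eventHandlerAttributes(renderTopicSafe(sample)));
```
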

Reflected XSS

Use Alt+Shift+X, and the XSS will be fired

REPORT TIMELINE

02/24/2020: Discovered the vulnerability

03/03/2020: Vendor confirmed