Impact
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
Screenshots
insert payload xss:
xss alert message:
Desktop (please complete the following information):
OS: Windows
Browser: All
Version
The text was updated successfully, but these errors were encountered:
Please note that all requests within a single browser session will share a single reference number and will only receive a confirmation email for the first request. If you refresh your browser or close and reopen your browser between each request, you will receive a new confirmation email and reservation number for each request.
Describe the bug
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Shoutbox" feature.
To Reproduce
Steps to reproduce the behavior:
<svg><script xlink:href=data:,alert(1337) />Impact
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
Screenshots

insert payload xss:
xss alert message:

Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: