Stored XSS
there is a stored XSS , which is critical because an unauth user can send js code to admin panel , which cloud lead to admin Account takeover.
To Reproduce
Steps to reproduce the behavior:
got to s-cart store while adding product to the cart , intercept it and usei the payload in form_attr parm
Also try to give the email in profile so security vulnerability's can share directly without publishing it public
So it reduces the risk
Cheers 🍻,
Muhaimin
Stored XSS
there is a stored XSS , which is critical because an unauth user can send js code to admin panel , which cloud lead to admin Account takeover.
To Reproduce
Steps to reproduce the behavior:
form_attrparmee.mp4
here is the POC video : https://drive.google.com/file/d/1E7AE7EFPTiiEEj8jAKvVAumWKu4PRs0L/view?usp=sharing
payload used =
"><script>alert("test")</script>The text was updated successfully, but these errors were encountered: