Stored XSS
There is a stored XSS, which is critical because an unauth user can send JS code to the admin panel, which could lead to admin account takeover.
To Reproduce
Steps to reproduce the behavior:
Go to the s-cart store. While adding a product to the cart, intercept it and use the payload in the form_attr param.
Also, try to give an email in the profile so security vulnerabilities can be shared directly without publishing them publicly.
So it reduces the risk.
Cheers 🍻,
Muhaimin
Here is the PoC video: https://drive.google.com/file/d/1E7AE7EFPTiiEEj8jAKvVAumWKu4PRs0L/view?usp=sharing
Payload used:
"><script>alert("test")</script>
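The mitigation for the behaviour reported above is to encode the stored value when it is rendered. The following is an added example, not part of the original report and not s-cart's own code. It assumes `form_attr` is stored as a name-to-value map and later written into an HTML attribute in an admin view; the function names and the markup are hypothetical.

```php
<?php
// Added illustration. Function names and the <input> markup are hypothetical,
// not taken from the s-cart code base.

// The payload from the report, as it would be stored from the form_attr
// parameter (assumed shape: attribute name => value).
$stored = ['color' => '"><script>alert("test")</script>'];

// Vulnerable pattern: the stored value is concatenated into an attribute
// context, so the leading "> closes the attribute and the tag.
function render_attr_unsafe(array $attrs): string {
    $out = '';
    foreach ($attrs as $name => $value) {
        $out .= '<input type="text" name="' . $name . '" value="' . $value . '">' . "\n";
    }
    return $out;
}

// Hardened pattern: encode on output. ENT_QUOTES covers both quote styles,
// which is what keeps the value inside the attribute.
function e_attr($v): string {
    if (!is_scalar($v)) {
        return ''; // nested arrays/objects are never emitted as markup
    }
    return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_attr_safe(array $attrs): string {
    $out = '';
    foreach ($attrs as $name => $value) {
        // The key is attacker-controlled too, so it is encoded as well.
        $out .= '<input type="text" name="' . e_attr($name) . '" value="' . e_attr($value) . '">' . "\n";
    }
    return $out;
}

echo "unsafe: ", render_attr_unsafe($stored);
echo "safe:   ", render_attr_safe($stored);
```

If the admin view is a Laravel Blade template, the equivalent is rendering the value with `{{ $value }}` rather than `{!! $value !!}`.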