Open
Description
There is a Reflective XSS vulnerability when user view the survey result. The failure of the XSS filter to work properly resulted in this vulnerability, which allows remote attackers to inject arbitrary web script or stole admin's or other users cookies. The impact of the problem is serious especially when combined with CSRF vulnerability exploitation.
Vulnerability file:
/diaowen/design/qu-multi-fillblank!answers.action
PoC:
/diaowen/design/qu-multi-fillblank!answers.action?quItemId=2c9790db6c74f25f016c7536aed90022&surveyId=2c9790db6c74f25f016c7"><scr<script>ipt>alert('XSS');</script 200
Metadata
Metadata
Assignees
Labels
No labels
