Summary
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
Details
I found a XSS vulnerability that could potentially compromise user data and pose a significant security risk to the platform.
PoC
- Create a project
- Navigate to project
- Visit to the integration
- Add malicious payload inside the webhook and save it.
- Notice the alert dialogue indicating successful execution of the XSS payload.
'';!--" onfocus=alert(0) autofocus="" onload=alert(3);="&{(alert(1))}" |="" mufazmi"="
'';!--" onfocus=alert(0) autofocus="" onload=alert(3);=>>"&{(alert(1))}" |="">> mufazmi"=">>
POC
https://youtu.be/kqKFgsOqstg
Impact
This XSS vulnerability allows an attacker to execute malicious scripts in the context of a victim's browser when they click on a specially crafted link. This could lead to various malicious activities, including session hijacking, stealing sensitive information such as cookies or login credentials, and potentially compromising the entire platform's security.
mufazmi Reporter
Summary
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application.
Details
I found a XSS vulnerability that could potentially compromise user data and pose a significant security risk to the platform.
PoC
POC
https://youtu.be/kqKFgsOqstg
Impact
This XSS vulnerability allows an attacker to execute malicious scripts in the context of a victim's browser when they click on a specially crafted link. This could lead to various malicious activities, including session hijacking, stealing sensitive information such as cookies or login credentials, and potentially compromising the entire platform's security.