Cross-site Scripting (XSS) - Generic in ciur/papermerge


Reported on

Feb 6th 2021

:book: Description

Papermerge is an open source document management system (DMS) primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers, you can quickly scan them and configure your scanner to upload directly to Papermerge DMS. This package is vulnerable to cross-site scripting (XSS).

:recycle: Steps To Reproduce:

  1. Clone the repository or use the demo.
  2. Add JavaScript code in the meta form. Payload used: `"><img src=x onerror=alert(137)>`
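
The payload in step 2 starts with `">`, the shape used to close a quoted attribute value and its tag before a new element begins. The block below is an added example, not Papermerge's code: it assumes the stored value is reflected inside a quoted `value` attribute, and `render_unsafe`, `render_escaped` and the `metadata_value` field name are hypothetical. It renders the reported payload with and without escaping, then parses the result the way a regression test would.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the report's reproduction steps.
PAYLOAD = '"><img src=x onerror=alert(137)>'

def render_unsafe(value):
    # Hypothetical template: the stored value is concatenated into an attribute.
    return '<input type="text" name="metadata_value" value="' + value + '">'

def render_escaped(value):
    # quote=True also encodes " and ', which the attribute context requires.
    return ('<input type="text" name="metadata_value" value="'
            + html.escape(value, quote=True) + '">')

class _Audit(HTMLParser):
    """Collects every start tag and every on* event-handler attribute."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [(tag, k) for k, _ in attrs if k.startswith("on")]

def audit(markup):
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers

def field_is_intact(markup):
    """True when the fragment is still exactly one <input> with no handlers."""
    tags, handlers = audit(markup)
    return tags == ["input"] and not handlers

if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("escaped", render_escaped)):
        out = render(PAYLOAD)
        print(name, audit(out), field_is_intact(out))
```

A check like `field_is_intact` can run in a test suite against every template that reflects user-supplied metadata, so a missing escape fails the build instead of reaching the browser.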

:telescope: POC

💥 Impact

