Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager
Jul 3rd 2021
Stored XSS via group name
💥 TESTED VERSION
latest version as of 01/07/21
💥 STEPS TO REPRODUCE
1. Create a group with the XSS payload below in its name:
group1"'><img src=x onerror=alert(22)>.
2. Now add a new user called user-B to the above group.
3. Finally, visit http://localhost/online-rental/app/admin/pageViewMembers.php and see that the XSS is executed.
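
The fix for this class of bug is to encode the stored group name when it is written into the page. The following is an added example, not the project's own code: the row layout, the `h()` helper and the `renderRow*` functions are assumptions made for illustration, and the only value taken from the report is the group name from step 1.

```php
<?php
// Added example, not the project's code. It renders one member row in which
// the stored group name lands in an attribute value and in element text.

// Constructed sample data; the group name is the string from step 1.
$members = [
    ['user' => 'user-B', 'group' => 'group1"\'><img src=x onerror=alert(22)>'],
];

// Hypothetical helper: encode a value for HTML text and quoted attributes.
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the leading "'> cannot close
    // an attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored values are concatenated into markup as-is.
function renderRowUnsafe(array $m): string
{
    return '<tr><td>' . $m['user'] . '</td>'
         . '<td><a title="' . $m['group'] . '">' . $m['group'] . '</a></td></tr>';
}

// Hardened pattern: every stored value is encoded at output time.
function renderRowSafe(array $m): string
{
    return '<tr><td>' . h($m['user']) . '</td>'
         . '<td><a title="' . h($m['group']) . '">' . h($m['group']) . '</a></td></tr>';
}

foreach ($members as $m) {
    $unsafe = renderRowUnsafe($m);
    $safe   = renderRowSafe($m);

    // The unsafe row carries a live <img> element; the safe row carries none.
    echo 'unsafe row contains <img: ', var_export(strpos($unsafe, '<img') !== false, true), "\n";
    echo 'safe row contains <img:   ', var_export(strpos($safe, '<img') !== false, true), "\n";
    echo $safe, "\n";
}
```

Encoding at output time also neutralises group names that were stored before the fix, which validation at group creation alone would not.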