Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

Valid

Reported on

Jul 3rd 2021

💥 BUG

Stored xss via group name

💥 TESTED VERSION

latest version as of 01/07/21

💥 STEP TO REPRODUCE

1. create a group with bellow xss payload in name.
group1"'><img src=x onerror=alert(22)>.
2. Now add a new user called user-B to the above group .
3. Finally visit http://localhost/online-rental/app/admin/pageViewMembers.php and see xss is executed .

Occurrences

pageViewMembers.php L2

We have contacted a member of the bigprof-software/online-rental-property-manager team and are waiting to hear back 2 years ago

BigProf Software marked this as fixed with commit 2dc485 2 years ago

BigProf Software has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

We have contacted a member of the bigprof-software/online-rental-property-manager team and are waiting to hear back 2 years ago

BigProf Software marked this as fixed with commit 2dc485 2 years ago

BigProf Software has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation