Stored XSS in Site Name in answerdev/answer

Valid

Reported on

Feb 8th 2023

Description

A stored cross-site scripting (XSS) vulnerability exists in the Site Name setting of answerdev/answer: the configured site name is rendered into the page without escaping, so HTML injected into it persists and executes whenever the page is rendered.

Proof of Concept

  1. Log in as an administrator.
  2. Go to Admin -> Setting -> General.
  3. Enter the payload below in the Site Name field.

For more detail, see the PoC: https://drive.google.com/file/d/13R6WhenB0wJZBL3Yy-XW0NZkrC0_iBlR/view?usp=sharing

// PoC.js
// Payload string entered into the Site Name field
var payload = '#"><img src=/ onerror=alert(722)>';

Impact

An attacker who can set the site name can execute arbitrary JavaScript in the context of the admin account through this stored XSS.
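The root cause of a stored XSS like this is a stored value being interpolated into HTML without context-aware escaping. The following Go example, added here and not taken from the answerdev/answer code base (the project's actual rendering path and the fix in commit 9870ed are not shown on this page), renders the report's payload as a site name through two templates: text/template, which performs no escaping and reproduces the defect class, and html/template, which escapes the value according to the HTML context it lands in (the hypothetical template, with the site name in a title element and in an attribute value, is constructed for this demonstration).

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
	texttemplate "text/template"
)

// siteNamePayload is the constructed sample input: the payload from the
// report above, as it would be stored in the Site Name setting.
const siteNamePayload = `#"><img src=/ onerror=alert(722)>`

// pageTmpl is a hypothetical page fragment in which the site name appears
// both as element text (inside <title>) and inside a quoted attribute value.
const pageTmpl = `<title>{{.SiteName}}</title><a href="/" title="{{.SiteName}}">{{.SiteName}}</a>`

type pageData struct{ SiteName string }

// renderUnsafe interpolates the value with text/template, which does no
// escaping at all: the quote in the payload closes the title attribute and
// the injected <img> tag becomes part of the document.
func renderUnsafe(siteName string) string {
	t := texttemplate.Must(texttemplate.New("page").Parse(pageTmpl))
	var b bytes.Buffer
	if err := t.Execute(&b, pageData{SiteName: siteName}); err != nil {
		panic(err)
	}
	return b.String()
}

// renderSafe interpolates the same value with html/template, which parses the
// template and applies the escaper appropriate to each context, so <, >, and
// " are emitted as entities and the value stays inert text.
func renderSafe(siteName string) string {
	t := template.Must(template.New("page").Parse(pageTmpl))
	var b bytes.Buffer
	if err := t.Execute(&b, pageData{SiteName: siteName}); err != nil {
		panic(err)
	}
	return b.String()
}

// containsInjectedTag is a simple check a test suite can run over rendered
// output: the template itself contains no <img> element, so its presence
// means user-controlled markup reached the document unescaped.
func containsInjectedTag(rendered string) bool {
	return strings.Contains(rendered, "<img")
}

func main() {
	fmt.Println("text/template:", renderUnsafe(siteNamePayload))
	fmt.Println("html/template:", renderSafe(siteNamePayload))
	fmt.Println("injected tag in unsafe output:", containsInjectedTag(renderUnsafe(siteNamePayload)))
	fmt.Println("injected tag in safe output:  ", containsInjectedTag(renderSafe(siteNamePayload)))
}
```

The containsInjectedTag check is deliberately narrow (it matches only the element used in this report); a regression test for the fix should assert on the escaped form of every user-controlled setting rather than on one payload.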

Timeline

We are processing your report and will contact the answerdev/answer team within 24 hours. (a year ago)
A GitHub Issue asking the maintainers to create a SECURITY.md exists. (a year ago)
We have contacted a member of the answerdev/answer team and are waiting to hear back. (a year ago)
joyqi validated this vulnerability. (a year ago)
sanketx0722 has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.6 with commit 9870ed. (a year ago)
The fix bounty has been dropped.
This vulnerability has now been published. (a year ago)