Reflected XSS in collectiveaccess/providence

Valid

Reported on

Apr 29th 2022


Description

Hello, I found an authenticated reflected XSS via a path fragment. This was exploitable through trusting user input in the URL path fragment. Please note: if you write a different payload, you need to URL-encode the payload twice.

Proof of Concept

Enter this URL: https://demo.collectiveaccess.org/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253Ealert(%221337%22)%253C%252FsCripT%253E


Kind Regards,

Rawi (@0xRaw)

Impact

Steal User Cookies or redirect user to malicious sites
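
The double-encoding note in the description can be checked from the defender's side. The following is an added example, not code from the report or from the project: it percent-decodes a request path layer by layer, records at which decode each HTML metacharacter first becomes visible, and escapes the value at the output sink. The function names and the benign sample path are assumptions made for illustration; the other path is the one in the report's URL.

```python
import html
from urllib.parse import unquote

HTML_META = '<>"\''
MAX_ROUNDS = 5  # bound the loop so crafted input cannot force unlimited passes

# Path from the report's proof-of-concept URL, and a constructed benign path.
REPORT_PATH = ('/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253E'
               'alert(%221337%22)%253C%252FsCripT%253E')
BENIGN_PATH = '/index.php/system/Error/Show/n/3250'  # constructed sample


def decode_layers(path, max_rounds=MAX_ROUNDS):
    """Percent-decode repeatedly; return every form seen, raw path first."""
    layers = [path]
    for _ in range(max_rounds):
        decoded = unquote(layers[-1])
        if decoded == layers[-1]:
            break
        layers.append(decoded)
    return layers


def meta_depths(path):
    """Map each HTML metacharacter to the number of decodes that exposes it."""
    depths = {}
    for depth, form in enumerate(decode_layers(path)):
        for ch in HTML_META:
            if ch in form and ch not in depths:
                depths[ch] = depth
    return depths


def is_multi_encoded(path):
    """True when markup only becomes visible after two or more decodes."""
    return any(depth >= 2 for depth in meta_depths(path).values())


def render_safe(value):
    """Escape at the output sink, whatever decoding happened upstream."""
    return html.escape(value, quote=True)


if __name__ == '__main__':
    for p in (REPORT_PATH, BENIGN_PATH):
        print(meta_depths(p), is_multi_encoded(p))
    print(render_safe(decode_layers(REPORT_PATH)[-1]))
```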


We are processing your report and will contact the collectiveaccess/providence team within 24 hours. 2 years ago
We have contacted a member of the collectiveaccess/providence team and are waiting to hear back 2 years ago
CollectiveAccess
2 years ago

Maintainer


Not sure how we missed this one :-/ Thank you.

CollectiveAccess validated this vulnerability 2 years ago
0xraw has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
CollectiveAccess marked this as fixed in 1.8 with commit 49de45 2 years ago
The fix bounty has been dropped
0xRaw
2 years ago

Researcher


Hello, thanks for the quick fix. Can I have a CVE for this finding?

Kind Regards, Rawi.

Jamie Slome
2 years ago

Sure, we can arrange a CVE - @maintainer, are you happy to proceed with a CVE for this finding?

0xRaw
2 years ago

Researcher


Hey @maintainer, just dropping by to make sure that you are OK with arranging a CVE for this finding.

Kind Regards, Rawi.

Jamie Slome
2 years ago

Sorted 👍
