Stored XSS in Resources in francoisjacquet/rosariosis

Valid

Reported on

Jun 2nd 2022

Description

Website does incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Steps to reproduce [it works on Firefox (not in chromium based browsers)]

1.Go to https://www.rosariosis.org/demonstration/ and login with administrator account

2.Go to https://www.rosariosis.org/demonstration/Modules.php?modname=Resources/Resources.php

3.Create new link with content javascriptjavascript::alert(origin)

4.Click the link and observe a pop up

#Image POC

https://drive.google.com/file/d/1eAp3e2iScNtD80UNEgnNc905c55Z-PsC/view?usp=sharing

https://drive.google.com/file/d/1pDFNzxA_b_ib9SvAyo9vbTr3SrSphTnB/view?usp=sharing

Impact

User clicking the link can be affected by malicious javascript code created by the attacker.

We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. 2 years ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 2 years ago
Domiee13 modified the report
2 years ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back 2 years ago
François Jacquet validated this vulnerability 2 years ago
Domiee13 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet marked this as fixed in 9.0 with commit adc5df 2 years ago
François Jacquet has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation