Stored XSS on Tag in answerdev/answer

Valid

Reported on Feb 9th 2023


Description

Malicious users can use this vulnerability to attack other users or administrators, which can lead to those accounts being taken over.

Proof of Concept

Step 1: Create a new tag

Step 2: Enter the XSS payload <img src=x onerror=alert(localStorage.getItem('_a_lui_')) /> in the tag's Description field

Step 3: Go to http://127.0.0.1/questions

Step 4: Click the tag

POC

https://drive.google.com/file/d/1TJAaoAe0YT4GadLntvCYBuyj1ZlFL4Yp/view

Impact

JavaScript executes in the victim's session, which can lead to account takeover, performing actions as that user, ...
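The defensive side of this report, as an added example that is not part of the original report or the answerdev/answer code base: a tag description is escaped before it is rendered and only attribute-free formatting tags are restored, and descriptions stored before a fix are audited for active markup. The function names, the tag allowlist and the sample rows are assumptions constructed for illustration.

```javascript
// Added example; renderTagDescription and auditDescriptions are hypothetical names.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const SAFE_TAGS = ['b', 'i', 'em', 'strong', 'code', 'p']; // assumed allowlist

// Encode every HTML metacharacter so the input can only render as text.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Escape first, then restore only bare tags from the allowlist.
// Anything carrying an attribute (onerror, src, href, style) stays escaped.
function renderTagDescription(raw) {
  const bare = new RegExp(`&lt;(/?)(${SAFE_TAGS.join('|')})&gt;`, 'gi');
  return escapeHtml(raw).replace(bare, (_, slash, name) => `<${slash}${name.toLowerCase()}>`);
}

// Heuristics for auditing rows saved before output encoding was in place.
// They are for finding rows to review, not for sanitizing.
const ACTIVE_MARKUP = [
  { name: 'event-handler', re: /<[a-z][^>]*\son[a-z]+\s*=/i },
  { name: 'script-element', re: /<\s*script\b/i },
  { name: 'javascript-url', re: /(?:href|src)\s*=\s*["']?\s*javascript:/i },
];

// Return the id and matched pattern names for every suspicious row.
function auditDescriptions(rows) {
  return rows
    .map((row) => ({
      id: row.id,
      hits: ACTIVE_MARKUP.filter((p) => p.re.test(row.description)).map((p) => p.name),
    }))
    .filter((result) => result.hits.length > 0);
}

// Constructed sample rows; row 2 holds the payload from the proof of concept.
const sampleRows = [
  { id: 1, description: 'Questions about <b>Go</b> modules' },
  { id: 2, description: "<img src=x onerror=alert(localStorage.getItem('_a_lui_')) />" },
];

console.log(sampleRows.map((row) => renderTagDescription(row.description)));
console.log(auditDescriptions(sampleRows));
```

In a real front end a maintained HTML sanitizer does the allowlisting; the escape-then-restore order is what keeps attribute-bearing tags from ever reaching the DOM.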

We are processing your report and will contact the answerdev/answer team within 24 hours. 10 months ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 10 months ago
Kevin Kien modified the report 10 months ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 10 months ago
joyqi validated this vulnerability 9 months ago
Kevin Kien has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
joyqi marked this as fixed in 1.0.6 with commit 90bfa0 9 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
joyqi published this vulnerability 9 months ago
index.tsx#L67-L114 has been validated