View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
4668 | Composr | core_feedback_features | private | 2021-08-10 11:12 | 2021-08-16 02:48 |
Reporter | Guest | Assigned To | Chris Graham | ||
Priority | normal | Severity | Security-hole | ||
Status | resolved | Resolution | fixed | ||
Summary | 4668: stored XSS | ||||
Description | Hello! I found stored XSS from guest to admin via feedback. Version 10.0.37. PoC video (pwd: str0ngp@ssw0rd) https://dropmefiles.com/4llfn Can you register a CVE? It's just to increase self-esteem :) Thanks. | ||||
Steps To Reproduce | 1. Click the feedback link. 2. Put <img/src/onerror=alert('XSS')> into the "Subject" field. 3. Log in as admin. 4. Go to /adminzone/index.php?page=admin-messaging and click the new message. | ||||
Tags | No tags attached. | ||||
|
Thank you for your report. I'm looking into this. |
|
This (actually 2 bugs) has been publicly resolved and covered in https://compo.sr/news/view/announcements/two-new-xss-security.htm |
Date Modified | Username | Field | Change |
---|---|---|---|
2021-08-10 11:12 | Guest | New Issue | |
2021-08-15 02:20 | Chris Graham | Note Added: 0007114 | |
2021-08-15 19:07 | Chris Graham | Assigned To | => Chris Graham |
2021-08-15 19:07 | Chris Graham | Status | Not Assigned => Resolved |
2021-08-15 19:07 | Chris Graham | Resolution | open => fixed |
2021-08-16 02:48 | Chris Graham | Note Added: 0007119 | |