Stored XSS via ' profile ' at ███
Medium
Mars
Team Summary
Official summary from Mars
A Cross-Site Scripting (XSS) vulnerability was present in the ██████' field on the user profile page. The vulnerability arises from the improper sanitization of user input, allowing attackers to inject malicious scripts that execute within the victim's browser context when the profile is viewed.
Reported by
0xs4m
Vulnerability Details
Technical details and impact analysis
Hi team,
I found stored XSS on profile.
1. Go to registration page (██████)
2. Verify your account.
3. Go to the login page and log in to your account.
For a fast test, use these credentials to log in (my test account):
█████████ For Attacker
email: █████████
pass: Password
████ For Victim
email: █████████
pass: password
After login, I changed the animal name to an XSS payload. I opened the victim account and entered the attacker's profile URL, and it succeeded.
██████████
## Impact
Stored cross-site scripting, with which an attacker can execute a malicious JavaScript payload.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Stored
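The team summary attributes the issue to a profile field rendered without sanitization. The following is an added example, not the affected application's code and not part of the report: it contrasts raw interpolation of a stored profile field with output encoding plus write-time validation. The field name `animalName`, the function names, the allowed-character rule and the sample records are assumptions.

```javascript
// Added example: names below are hypothetical, not the affected site's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored value is concatenated into markup unchanged, so markup
// saved by one user is parsed by every browser that views the profile.
function renderProfileVulnerable(profile) {
  return `<h2 title="${profile.animalName}">${profile.animalName}</h2>`;
}

// After: encode at output time, in both the attribute and the text context.
function renderProfileSafe(profile) {
  const name = escapeHtml(profile.animalName);
  return `<h2 title="${name}">${name}</h2>`;
}

// Defense in depth at write time: reject values outside the expected shape.
// Assumption: letters, digits, spaces, apostrophes and hyphens, 1-40 chars.
function isValidAnimalName(value) {
  return typeof value === 'string' && /^[\p{L}\p{N} '-]{1,40}$/u.test(value);
}

// Constructed sample records (not taken from the report).
const stored = [
  { animalName: "Rex O'Malley" },
  { animalName: '"><script>alert(1)</script>' },
];

// Render each record both ways and report whether validation would accept it.
function demo() {
  return stored.map((p) => ({
    accepted: isValidAnimalName(p.animalName),
    vulnerable: renderProfileVulnerable(p),
    safe: renderProfileSafe(p),
  }));
}

console.log(demo());
```

Encoding at render time is the control that closes the issue, because it also covers values stored before any validation rule existed; the write-time check only narrows what can be saved.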