Stored XSS Attack - Githubissues

trickest / cve

Gather and update all available and newest CVEs with their PoC.

https://trickest.com

MIT License

6.52k stars 829 forks source link

Stored XSS Attack #67

Open Bingoyyj opened 1 year ago

Bingoyyj commented 1 year ago

Describe the bug Stored XSS caused by remote malicious content.

To Reproduce According to the rules of regular matching, remotely construct malicious vulnerability description content, insert XSS payload into it, such as: or payload that steals cookies.

Screenshots

Affected Version Lastest.

Ashthetik commented 1 year ago

I'm not apart of this project, but the info you're providing is very lacking in identifiers as well as any form of PoC to actually verify that this isn't just some local edit.

If you could provide site, package version (if applicable), ref links to PoCs, link to CVE, etc. it would help with public knowledge and awareness

AAloush commented 1 month ago

Add this to the python script.

from html import escape
[...]
def clean_text(description):
    [...]
    return escape(description)