- Status Closed
-
Assigned To
cbay - Private
Attached to Project: Security vulnerabilities
Opened by milapshah1 - 17.07.2024
Last edited by cbay - 17.07.2024
Opened by milapshah1 - 17.07.2024
Last edited by cbay - 17.07.2024
FS#62 - Stored XSS Via Upload Document
- Vulnerability Explanation-When a user uploads a document containing malicious code, such as JavaScript, to the web application, it gets stored on the server without proper validation or sanitization. This allows an attacker to inject and execute arbitrary scripts within the application's context.
- Impact-This vulnerability enables attackers to execute unauthorized scripts on the client-side, leading to session hijacking, data theft, or defacement of the web application. It can compromise user privacy, damage the application's reputation, and potentially expose sensitive information to malicious actors.
- Severity-High
- Steps to reproduce- 1) go to support https://admin.alwaysdata.com/support/
Loading...
Available keyboard shortcuts
- Alt + ⇧ Shift + l Login Dialog / Logout
- Alt + ⇧ Shift + a Add new task
- Alt + ⇧ Shift + m My searches
- Alt + ⇧ Shift + t focus taskid search
Tasklist
- o open selected task
- j move cursor down
- k move cursor up
Task Details
- n Next task
- p Previous task
- Alt + ⇧ Shift + e ↵ Enter Edit this task
- Alt + ⇧ Shift + w watch task
- Alt + ⇧ Shift + y Close Task
Task Editing
- Alt + ⇧ Shift + s save task
Please ignore this report due to internet issue it will by mistake added