Skip to content

Instantly share code, notes, and snippets.

@ipxsec
Last active August 21, 2024 10:01
Show Gist options
  • Save ipxsec/10526db2cbfcb899a70dcb8f0ee53a99 to your computer and use it in GitHub Desktop.
Save ipxsec/10526db2cbfcb899a70dcb8f0ee53a99 to your computer and use it in GitHub Desktop.
Solvait Stored XSS

Stored XSS

Description:

Stored Cross-Site Scripting (XSS) vulnerability in Solvait version 24.4.2 allows remote attackers to inject malicious scripts into the application. This issue arises due to insufficient input validation and sanitization in "Intrest" feature, which permits user-supplied input to be saved and later rendered as part of the web application's content.

Impact

An attacker can exploit this vulnerability by executing arbitrary JavaScript code in the of the victim's browser session.

Vulnerability path:

https://<domain>/Accountlogin/update_intrest?intrest=<payload>

Affected target

This vulnerability was tested and found on version 24.4.2

Steps to Reproduce:

1- Navigate to https://<domain>/Accountlogin/BasicInformation.
2- In the profile page, under the Things i do section, type anything and intercept the request.
3- Modify the intrest parameter and include the XSS Payload.
4- Send the request.
5- A successful response will be returned.
6- Refresh the page and the Javascript code will be executed.

Discoverer

Abdulwahab Alismaeel

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment