Stored XSS Vulnerability
Discovered by Nithissh S
Vendor Homepage:
Bug Description:
Stored XSS generally occurs when user input is stored on the target server, such as in a database, in a message forum, visitor log, comment field, etc. And then a victim is able to retrieve the stored data from the web application without that data being made safe to render in the browser.
Steps to Produce:
- First of all we will have a look into the Source code
2. Let’s register for an account with a name as an XSS payload
3. After the successful registration , While signing up Our XSS payload will get triggered
Impact:
This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie.
CVE Mitre : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43438