Headline
CVE-2021-3853: Cross-site Scripting (XSS) - Stored in chaskiq
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Valid
Reported on
Jan 12th 2022
Description
chaskiq is an Open Source Messaging Platform for Marketing, Support & Sales. This package is vulnerable to XSS.
Proof of Concept
Impact
This vulnerability is capable of stored XSS
We are processing your report and will contact the chaskiq team within 24 hours.
5 days ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md
4 days ago
Hello, not sure how to reproduce the security issue, can you guide us?
Hey, really sorry for that, my link got broken or something happened with Imgur.
Here is the gdrive for the PoC: https://drive.google.com/file/d/1bzuZZowCtn4yF5JoQwpJNQp1RzAFk6jL/view?usp=drivesdk
Thank you
Thanks, Abdul, I will take care of this issue asap!
How can we help you back?
The fix bounty is now up for grabs
The fix bounty has been dropped
Hey @admin, can you assign a CVE?