CVE-2023-5903: Stored XSS in Journal -> Sections in pkp-lib

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.

Description

Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-II XSS.

Proof of Concept

https://drive.google.com/file/d/1ZrzJwy1kKdGPPmkIbU-GOB5Ok_G3Yywf/view?usp=sharing

Impact

This vulnerability can allow an attacker to steal multiple users’ cookies, gain unauthorized access to those users’ accounts through the stolen cookies, or redirect users to other malicious websites…
