
CVE-2023-46925: Reflected XSS in Reportico-7.1 · Issue #47 · reportico-web/reportico

Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).


Cross-site scripting (XSS) is a web application vulnerability that permits an attacker to inject code (typically HTML or JavaScript) into the contents of an outside website. When a victim views an infected page on the website, the injected code executes in the victim’s browser. Consequently, the attacker has bypassed the browser’s same-origin policy and is able to steal private information from a victim associated with the website.

Steps:

  1. Log in to the Reportico-7.1 admin module.
  2. Under create report in project, enter the XSS payload in the title section.
  3. The payload will execute once it’s saved.
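
The pattern behind a title-field XSS and its mitigation, as an added example that is not code from the Reportico project or the issue: the function names and markup are hypothetical, and it assumes the saved title is written back into an HTML element, a form attribute and an inline script.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not Reportico's own functions.

/** Encode for HTML element content and quoted attribute values. */
function html_escape(string $value): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Encode for use as a string literal inside an inline <script> block. */
function js_literal(string $value): string
{
    // The JSON_HEX_* flags keep <, >, &, ' and " out of the output, so the
    // value cannot close the script element or the surrounding string.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Vulnerable pattern: the saved title is echoed back as markup. */
function render_title_unsafe(string $title): string
{
    return '<h1>' . $title . '</h1>'
         . '<input name="title" value="' . $title . '">';
}

/** Hardened pattern: the title is encoded for each output context. */
function render_title_safe(string $title): string
{
    return '<h1>' . html_escape($title) . '</h1>'
         . '<input name="title" value="' . html_escape($title) . '">'
         . '<script>var reportTitle = ' . js_literal($title) . ';</script>';
}

// Constructed sample input: a title containing markup.
$title = '"><script>alert(1)</script>';

echo render_title_unsafe($title), PHP_EOL; // markup reaches the browser intact
echo render_title_safe($title), PHP_EOL;   // markup is rendered as inert text
```

Encoding at output, per context, means a title saved before the fix is also rendered as text.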
