CVE-2022-48118: There may be XSS hidden dangers here · Issue #379 · bbalet/jorani
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.
GitHub issue tracker is used for bugs only.
For general questions and requests, please join the Google group.
Don’t hesitate to provide screenshots.
What is the version of Jorani?
v1.0
Expected behavior
Acronym is just a normal form parameter, but if I modify the length of that column in the database, I can input a longer XSS payload.
Actual behavior
And when I next look at the page, an XSS vulnerability pops up.
Steps to reproduce the behavior
Details can be seen in the following docx.
jorani.docx
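As an added, defender-side illustration that is not part of this issue and not Jorani's own code: the report describes a field whose length was bounded only by the database column width and whose stored value was rendered back into the page unescaped. The plain-PHP snippet below (the field name "acronym", the 10-character limit and the allowed character set are assumptions, not taken from the project) shows the two independent controls a practitioner would want: a server-side length and character-set check that does not depend on the schema, and HTML escaping at output time so that whatever is stored is shown as text rather than markup.

```php
<?php
// Added example (not Jorani's code): mitigating stored XSS in a short
// free-text field such as "acronym" with two independent controls:
//   1. validate length and character set in application code, so widening
//      the database column does not widen what the form accepts;
//   2. escape on output, so a value that reached the database anyway is
//      rendered as text, never as HTML.

declare(strict_types=1);

// Assumption: the real limit in Jorani's schema may differ.
const ACRONYM_MAX_LEN = 10;

/** Return the acronym if it is acceptable, otherwise throw. */
function validate_acronym(string $input): string
{
    $trimmed = trim($input);
    if ($trimmed === '') {
        throw new InvalidArgumentException('acronym must not be empty');
    }
    // Count characters, not bytes, so multi-byte input is measured correctly.
    if (mb_strlen($trimmed, 'UTF-8') > ACRONYM_MAX_LEN) {
        throw new InvalidArgumentException('acronym too long');
    }
    // Allow letters, digits, dot and dash only; this rejects '<', '"', etc.
    if (!preg_match('/^[\p{L}\p{N}.\-]+$/u', $trimmed)) {
        throw new InvalidArgumentException('acronym contains disallowed characters');
    }
    return $trimmed;
}

/** Escape a stored value for an HTML text node or double-quoted attribute. */
function render_acronym(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs for demonstration.
$samples = [
    'ACME',
    '<script>alert(1)</script>',
    str_repeat('A', 200),
];

foreach ($samples as $s) {
    try {
        $ok = validate_acronym($s);
        echo "accepted: {$ok}\n";
    } catch (InvalidArgumentException $e) {
        // The rejected value is escaped before being echoed back.
        echo "rejected ({$e->getMessage()}): " . render_acronym($s) . "\n";
    }
}

// A value that bypassed validation (for example, inserted after the column
// was widened) is still neutralised when it is displayed.
echo render_acronym('<img src=x onerror=alert(1)>') . "\n";
```

The validation step is what closes the gap the report points at: if the only limit on the field is the column width, changing the schema changes the attack surface. The output escaping step is the control that matters once a value is already in the database, which is why the two are kept separate rather than relying on either one alone.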