
CVE-2023-5904: Stored xss using journal-name in journal-tab in pkp-lib

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.


BUG

Stored xss using journal-name in journal-tab

ACCOUNT

1. user-A --> superadmin --> Victim --> Firefox browser Normal mode
2. user-B --> journal manager --> Attacker --> Firefox browser Container-1

STEPS TO REPRODUCE

1. From user-A account create a journal called "journal-A".

2. Add user-B to this journal as "journal manager". I already did.

3. Log in to the user-B account and change the journal name to the XSS payload: xss"’><img src=x onerror=alert(document.domain)>

4. From the user-A account, open journal-statistics at http://localhost/ojs-3.4.0-3/index.php/xss/stats/context/context and see that the XSS is executed.

IMPACT

Using this XSS, the attacker (user-B) can execute any JavaScript code in the victim (user-A) account, and can take full control of the victim account by executing any JavaScript code.

VIDEO POC

https://drive.google.com/file/d/1iA456XdYaWe7qgkkkhp_I3Wzlr8fn2Re/view?usp=sharing
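
How the journal name from step 3 behaves when it is written into markup with and without output encoding. This is an added example, not code from pkp-lib or from the report; the tab markup and the function names renderTabUnsafe, renderTabSafe, escapeHtml and openedTags are hypothetical.

```javascript
// Added example, not pkp-lib code: markup and function names are hypothetical.

// Journal name as saved by the journal manager in step 3 of the report.
const storedName = `xss"’><img src=x onerror=alert(document.domain)>`;

// Vulnerable pattern: stored text concatenated into markup unchanged.
// The double quote ends the title attribute, ">" ends the <a> tag,
// and the rest of the name is parsed as a new element.
function renderTabUnsafe(name) {
  return `<a class="tab" title="${name}">${name}</a>`;
}

// Encode every character that can end an attribute value or open a tag.
// A single pass handles "&" too, so nothing is encoded twice.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: encode at output time, in the attribute and the text context.
function renderTabSafe(name) {
  const safe = escapeHtml(name);
  return `<a class="tab" title="${safe}">${safe}</a>`;
}

// Rough check (not a full HTML parser): names of the start tags present in a string.
function openedTags(html) {
  const tags = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)/g;
  let match;
  while ((match = re.exec(html)) !== null) {
    tags.push(match[1].toLowerCase());
  }
  return tags;
}

console.log('unsafe:', openedTags(renderTabUnsafe(storedName))); // extra img elements appear
console.log('safe:  ', openedTags(renderTabSafe(storedName)));   // only the intended <a>
console.log(renderTabSafe(storedName));
```

The same check can be pointed at any rendered fragment that embeds a user-editable name, to confirm that only the intended start tags are present.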

