Headline
GHSA-2fch-hv74-fgw9: Cross site scripting (XSS) in wwbn/avideo
Description:
While making an account on demo.avideo.com, I found a parameter “?success=” which did not sanitize any symbol characters properly, which leads to an XSS attack.
Impact:
Since there’s an admin account on demo.avideo.com, an attacker can use this attack to take over the admin’s account.
Steps to Reproduce:
- Click the link below
https://demo.avideo.com/user?success="><img src=x onerror=alert(document.cookie)>
- Then XSS will be executed
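The fix for this class of bug is to encode `success` for its HTML context at the point where it is written into the page. The following is an added example, not AVideo's code: the function names, markup and message keys are hypothetical, since the advisory does not show how the parameter is rendered.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern (hypothetical markup): the query value is concatenated
// into an attribute and into element content without encoding, so a double
// quote ends the attribute and the rest is parsed as markup.
function renderSuccessUnsafe(string $msg): string
{
    return '<div class="alert" data-msg="' . $msg . '">' . $msg . '</div>';
}

// Hardened: encode at output time. ENT_QUOTES covers both quote styles, so
// the value stays inside the attribute and inside the text node.
function renderSuccessSafe(string $msg): string
{
    $enc = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="alert" data-msg="' . $enc . '">' . $enc . '</div>';
}

// Stricter design: the parameter only selects a fixed server-side message,
// so no request-supplied text reaches the page at all.
function successMessageFromKey(string $key): string
{
    $messages = [              // hypothetical keys and texts
        'registered' => 'Account created.',
        'saved'      => 'Changes saved.',
    ];
    return $messages[$key] ?? '';
}

// Defence in depth: a session cookie marked HttpOnly is not readable from
// document.cookie even if a script does run in the page.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Value of the success parameter from the advisory's reproduction URL.
$payload = '"><img src=x onerror=alert(document.cookie)>';

$unsafe = renderSuccessUnsafe($payload);
$safe   = renderSuccessSafe($payload);

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;
echo "unsafe output contains a live <img tag: ",
     var_export(strpos($unsafe, '<img') !== false, true), PHP_EOL;
echo "safe output contains a live <img tag:   ",
     var_export(strpos($safe, '<img') !== false, true), PHP_EOL;
echo "allow-list lookup for the payload: ",
     var_export(successMessageFromKey($payload), true), PHP_EOL;
```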
High severity • GitHub Reviewed • Published Apr 26, 2023 in WWBN/AVideo • Updated Apr 26, 2023
Published to the GitHub Advisory Database: Apr 26, 2023
Last updated: Apr 26, 2023