Stored XSS in the banner block description
Medium
Vulnerability Details
## Steps To Reproduce:
- Create a new template and add a banner block
{F1128944}
- Add a description to the banner block description: `"><img src=1 onerror=alert(document.domain)>`
- The malicious code is executed
{F1128945}
## Proof Of Concept:
{F1128942}
## Impact
With this vulnerability, an attacker can, for example, steal users' cookies or redirect users to a malicious website.
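
The attribute breakout from the reproduction step next to its output-encoded form, as an added example that is not part of the original report or the affected product's code. The renderer functions and the `title` attribute are assumptions, since the report does not show how the description is rendered.

```javascript
// Added example: hypothetical renderer, not the affected product's code.
// The payload is the one given in the report's reproduction step.
const PAYLOAD = '"><img src=1 onerror=alert(document.domain)>';

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern (assumed): the stored description is interpolated raw
// into a double-quoted attribute, so `">` closes the attribute and the tag.
function renderBannerUnsafe(description) {
  return `<div class="banner" title="${description}">Banner</div>`;
}

// Hardened pattern: encode at the point of output, for the context written to.
function renderBannerSafe(description) {
  return `<div class="banner" title="${escapeHtml(description)}">Banner</div>`;
}

// Regression check: the template itself emits exactly one opening tag (<div),
// so any additional opening tag in the output came from stored data.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Unsafe output carries a second element (<img ...>); safe output does not.
console.log(countOpeningTags(renderBannerUnsafe(PAYLOAD)), renderBannerUnsafe(PAYLOAD));
console.log(countOpeningTags(renderBannerSafe(PAYLOAD)), renderBannerSafe(PAYLOAD));
```

Encoding belongs at render time rather than at save time, so descriptions already stored before the fix are also rendered inert.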
Report Stats
- Report ID: 1065964
- State: Closed
- Substate: resolved
- Upvotes: 25