XSS for admin of https://newsletter.nextcloud.com

Disclosed: 2017-02-17 11:03:59 By sergeym To nextcloud
Unknown
Vulnerability Details
The site https://newsletter.nextcloud.com has phplist 3.2.5.

Steps to reproduce:
1. Use the Firefox browser, latest version.
2. Go to https://newsletter.nextcloud.com/admin/?page=viewtemplate&id=123%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E
3. Log in as admin.
4. An alert box with the name of the domain appears.

Please look at my PoC video in the attachment (phplist 3.2.5 has been installed on localhost).
Report Stats
  • Report ID: 153799
  • State: Closed
  • Substate: resolved
  • Upvotes: 3
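
A defender-side check for the request pattern in this report, as an added example that is not part of the original report or of phplist's code: it scans web access-log lines for `page=viewtemplate` requests whose `id` is not a plain number. The log format, the sample lines and the assumption that template ids are decimal integers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate template id is a plain decimal number.
NUMERIC_ID = re.compile(r"[0-9]+")
# Request line inside a combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_viewtemplate(url):
    """Return the decoded id of a viewtemplate request if it is not numeric, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "viewtemplate" not in query.get("page", []):
        return None
    for value in query.get("id", []):  # parse_qs has already percent-decoded the value
        if not NUMERIC_ID.fullmatch(value):
            return value
    return None


def scan(log_lines):
    """Return (line number, decoded id) for every flagged request."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        bad_id = suspicious_viewtemplate(match.group(1))
        if bad_id is not None:  # an empty id is also reported
            findings.append((lineno, bad_id))
    return findings


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2017:10:00:01 +0000] "GET /admin/?page=viewtemplate&id=123 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2017:10:00:09 +0000] "GET /admin/?page=viewtemplate'
    '&id=123%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 5177',
    '192.0.2.10 - - [01/Jan/2017:10:00:15 +0000] "GET /admin/?page=templates HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for lineno, bad_id in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-numeric template id {bad_id!r}")
```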