Stored XSS triggered by json key during UI generation
Unknown
Vulnerability Details
Stored XSS is triggred from **Indices** -> **Generate a UI Demo**. Typing anything in the **Primary, Secondary, Tertiary, Image or URL attributes** for **User Interface** section. These text box have a drop down which displays the json keys during which XSS is triggered.
Sample json for XSS would be
``{
"<img src=1 onerror=alert(document.domain)>": "hello",
}``
Attached: screen shot
Actions
View on HackerOneReport Stats
- Report ID: 156347
- State: Closed
- Substate: resolved
- Upvotes: 6