CVE-2020-11022

## Summary: CVE-2020-11022 at " https://app.spiketrap.io/users/sign_in " ## Steps To Reproduce: Cross-Site Scripting (XSS) # Proof of Concept 1: <option><style></option></select><img src=x onerror=alert(1)></style> ## Supporting Material/References: https://security.snyk.io/vuln/SNYK-JS-JQUERY-567880 https://github.com/TIBCOSoftware/Augmented-Reality/issues/65 https://www.exploit-db.com/exploits/49766 https://www.cybersecurity-help.cz/vdb/SB2020042126 * [attachment / reference] ## Impact Cross site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.