Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrEdr4C6353BAB-C382-47F6-937B-56D253F2E8D3
HistoryDec 04, 2022 - 2:43 p.m.

XSS Stored in Email

2022-12-0414:43:56
edr4
www.huntr.dev
27
stored xss
email injection
vulnerability

EPSS

0.001

Percentile

25.6%

JSON

Description

It was discovered that it is possible to inject a malicious payload into the email address field, resulting in a stored XSS vulnerability.

Proof of Concept

1. Access to emails parameters /scp/emails.php

image

2. create an account with the following email address

Payload test+(<script>alert(document.domain)</script>)@gmail.com

it works with all email account because they will be put in the drop-down list

image

3. Once the account is created, navigate to the settings section of emails

image

image

4. XSS is executed

Related

prion 1
osv 1
nvd 1
cvelist 1
cve 1
prion
prion
Cross site scripting
2023-03-10 16:15:00
osv
osv
CVE-2023-1316
2023-03-10 16:15:10
nvd
nvd
CVE-2023-1316
2023-03-10 16:15:10
cvelist
cvelist
CVE-2023-1316 Cross-site Scripting (XSS) - Stored in osticket/osticket
2023-03-10 00:00:00
cve
cve
CVE-2023-1316
2023-03-10 16:15:10

EPSS

0.001

Percentile

25.6%

JSON
Related for C6353BAB-C382-47F6-937B-56D253F2E8D3
prion1osv1nvd1cvelist1cve1