Vulnerability Serious

Created on 28 January 2023, almost 2 years ago
Updated 13 March 2023, almost 2 years ago

Hello team! Found XSS active on your site!
With its help, you can knock down the entire site.engagebay.com
For example:
1. Admin creates a project
2. Invites a user to the project with the rights to invite other users
3. Log in from this user with invitation rights and send
4. intercept the request with Charles
5. Edit the request and specify in the picture_url request:

we update the page and get the XSS stored and the project can no longer be launched! And so, the conclusion. The user can put the entire project to the administrator in a couple of minutes)
Are you paying for vulnerabilities? It is very serious. In addition, it is possible to steal the project administrator's COOKIE.

πŸ› Bug report
Status

Closed: cannot reproduce

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡¦Ukraine fireve

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024