Stored Cross Site Scripting

  • Reported to Private
  • Reported by Haqtify
  • Medium (5.6)
  • $500
  • Published 5 months ago
  • No Likes

URL:

https://www.redacted.com/symptom-checker/

Description:

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise being and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Payload:

“><img src=x onerror=alert(1)>

Steps To Reproduce:

1. Goto this URL and signup.

https://www.redacted.com/symptom-checker/

2.Here “First name” is vulnerable.

3.Insert XSS payload in it. XSS executed

POC: