Stored-xss is working

Disclosed by
agnihackers123
  • Program Indeed
  • Disclosed date about 2 years ago
  • Points 1
  • Priority P4 Bugcrowd's VRT priority rating
  • Status Resolved This vulnerability has been accepted and fixed
Summary by agnihackers123

hello @Indeed I found stored-cross site on the activity which allows an attacker to steal admin account cookies.

Impact

Users can execute JavaScript code in the context of other users. This is critical when targeted users have high privileges. Attackers are then able to grant themselves the administrator privileges and even takeover the ownership of the New Relic account.

The hacker selected the Cross-site Scripting (XSS) - Stored weakness. This vulnerability type requires contextual information from the hacker. They provided the following answers:

STEP TO REPRODUCE:-

1)open the url:- [site]
2)Then type the company name is "hello"
3)Then change hello to javascript is entered
4)next button > click
5)Then show the popup message .
6)next page is on then refresh the page cookie is working popup message is show.
7)This is stored XSS.

This vuln is stored-xss . Attacker targeted users have high privileges. The hacker selected the Cross-site Scripting (XSS) - Stored weakness.

-->>Even attacker can easily get the cookie.

Thanks.

Activity