Summary
There is a stored cross-site scripting vulnerability in the To-Do feature: the To-Do title field is rendered without output encoding.
Details
XSS occurs when a web application includes unvalidated or unencoded user input in the output it generates. The payload used here renders as the visible text "click"; clicking that text runs the injected script. (The payload markup itself did not survive in this copy of the report.)
PoC
- Create a new project and give it any name, such as "test".
- Click Team and add a new user, who will act as the victim.
- Create a new To-Do: click Add To-Do and enter the payload (rendered as "click") in the To-Do title.
- Go to the project overview and click the "click" text.
- The injected script runs on both the attacker's side and the victim's side.
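The following is an added example, not code from the report or from the affected application. It models the bug the steps above demonstrate: a To-Do title concatenated straight into HTML, beside the output-encoding fix. The payload string, the `<li class="todo">` template and the sample To-Do list are all constructed for illustration; the report's actual payload is not reproduced here.

```javascript
// Added example: stored XSS via an unencoded To-Do title, and the fix.
// PAYLOAD is a constructed stand-in for the report's payload: an element whose
// visible text is "click" and whose click runs script.
const PAYLOAD = '<a href="javascript:alert(document.domain)">click</a>';

// Vulnerable rendering: the title is interpolated into markup as-is, so any
// HTML a user typed into the title becomes part of the page for every viewer.
function renderTitleUnsafe(title) {
  return `<li class="todo">${title}</li>`;
}

// Output encoding for HTML text and attribute context: the five characters
// that can terminate a text node or an attribute value are replaced by entities.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Fixed rendering: same template, but the title is encoded at the output point.
function renderTitleSafe(title) {
  return `<li class="todo">${escapeHtml(title)}</li>`;
}

// Detection helper for the demo: true if the rendered fragment contains any tag
// other than the <li> wrapper the template itself emits.
function containsInjectedTag(html) {
  const inner = html.replace(/^<li class="todo">/, '').replace(/<\/li>$/, '');
  return /<[a-zA-Z!/]/.test(inner);
}

// Constructed sample data: one benign To-Do and one carrying the payload.
const todos = [
  { id: 1, title: 'buy milk' },
  { id: 2, title: PAYLOAD },
];

function renderAll(render, list) {
  return list.map((t) => render(t.title)).join('\n');
}

console.log('--- vulnerable project overview ---');
console.log(renderAll(renderTitleUnsafe, todos));
console.log('--- fixed project overview ---');
console.log(renderAll(renderTitleSafe, todos));
```

The same distinction applies on the client: assigning a title to `element.textContent` is safe, while assigning it to `innerHTML` (or inserting it through an unescaped template) reproduces the vulnerable branch above. Encoding at the output point, not at input, is what closes the bug regardless of which characters the title field accepts.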
Impact
Allows an attacker to run script in the victim's session on the application's origin and steal the victim's cookies (any cookie not flagged HttpOnly is readable through document.cookie), or perform actions as the victim.