[CVE-2022–42100]KLiK SocialMediaWebsite Version 1.0.1 — Stored XSS Vulnerability at reply-form
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.
<img src=”test” onerror=confirm(“Grim-The-Ripper-Team-by-SOSECURE-Thailand”)>
- KLiK SocialMediaWebsite Version 1.0.1 https://github.com/msaad1999/KLiK-SocialMediaWebsite
- Google Chrome Version 103.0.5060.114 (Official Build) (64-bit)
Steps to attack:
- Login with user credentials.
2. Go to the “Forum”(any forum) as show in the picture
3. Next, scroll down and click on the “reply-form” input then enter the XSS payload and press the Submit reply button.
4. After refresh this page The XSS payload will run immediately.
Grim The Ripper Team by SOSECURE Thailand