7th Acknowledgement From Inflectra

As Cross Site Scripting is one of my favorite flaws, I frequently test for it in web applications, and most of the time I get a result. I recently found the same issue in Inflectra with the assistance of one of my companions.

Most of the time, Cross Site Scripting vulnerabilities exist in Forms, Search Results, Support and Forms fields. I likewise found the Stored XSS in the Support Help Center of Inflectra.

Vulnerable Url: https://www.inflectra.com/Support/Forum/List.aspx

User Agent: Mozilla / Chrome / Safari / Android

Bug Type: Stored XSS (Cross Site Scripting)

Fix: Modify your input validation.

Date: 6th Feb – 17

Current Status: Patched

Steps To Reproduce:

  1. Go to https://www.inflectra.com/Support/Forums.aspx
  2. In the Forms field, select any Category, and after that select any problem/question.
  3. Click on the Reply button on that question and select the Insert Table option.
  4. Insert the XSS (Cross Site Scripting) payload in every single table field as shown in the picture, then click Insert Table. Payload: "><img src=# onerror=alert('XSS') /> You'll see the popup execute, which shows the page is vulnerable to XSS.

Inflectra Tables Vulnerability

As soon as I inserted the table, the code executed and the popup showed up.

Inflectra XSS
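The "Fix: Modify your input validation" line above, shown as an added example that is not part of the original post or Inflectra's code: a table builder that concatenates cell text into markup next to one that HTML-encodes each cell, with a small regression check. The function names and the table-building approach are assumptions for illustration; the input is the payload from step 4.

```javascript
// Added example: a hypothetical "Insert Table" helper, not Inflectra's code.

// The payload from step 4, used here as constructed test input.
const PAYLOAD = `"><img src=# onerror=alert('XSS') />`;

// Vulnerable pattern: cell text is concatenated into markup as-is, so
// anything that looks like a tag in a cell becomes a real element.
function buildTableUnsafe(rows) {
  const body = rows
    .map((cells) => `<tr>${cells.map((c) => `<td>${c}</td>`).join('')}</tr>`)
    .join('');
  return `<table>${body}</table>`;
}

// Characters that can open a tag, close an attribute, or start an entity.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: every cell is HTML-encoded before it is placed in
// the markup, so the payload is rendered as visible text.
function buildTableSafe(rows) {
  const body = rows
    .map((cells) => `<tr>${cells.map((c) => `<td>${escapeHtml(c)}</td>`).join('')}</tr>`)
    .join('');
  return `<table>${body}</table>`;
}

// Regression check: list element names in the generated markup that are
// not part of the table structure the helper is supposed to emit.
function unexpectedTags(html, allowed = ['table', 'tr', 'td']) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.includes(name)) found.add(name);
  }
  return [...found];
}

const rows = [[PAYLOAD, PAYLOAD], [PAYLOAD, 'plain text']];
console.log('unsafe:', unexpectedTags(buildTableUnsafe(rows)));
console.log('safe:  ', unexpectedTags(buildTableSafe(rows)));
```

The encoding has to be applied on the server when the reply is stored or rendered, since anything done only in the browser-side editor can be bypassed by sending the request directly.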

Once I had the results, I reported this security flaw to them. They answered me in five working days and began working to resolve the issue.

They fixed this issue in fifteen days and offered to mention my name on their website security Hall of Fame page.

I accepted their offer and in five more days I was on their Hall of Fame page.

Inflectra HOF

Much obliged for your valuable time. Much obliged to Inflectra for the acknowledgement. (:
