Cross-site Scripting (XSS) - Stored in convos-chat/convos
Dec 28th 2021
Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload .html extension. This causes Stored XSS. Also, after uploading a file, it does not log in, and XSS occurs even if you connect.
Proof of Concept
Username : firstname.lastname@example.org Password : qwer12211@ 1. Open the https://demo.convos.chat/login and Login as to above account 2. Go to https://demo.convos.chat/chat/irc-demo-irc-convos/<chat room name> 3. File Upload a html file 4. When you upload a file, an upload link is created in the comment form. 5. Please connect after attaching ".html" after the link Video : https://www.youtube.com/watch?v=AfrsOY2S0Nc
Through this vulnerability, an attacker is capable to execute malicious scripts.