CVE-2021–43712 Stored XSS. How I got my first CVE
Hello, This is my first CVE Write-up, and also Personally the first CVE id I’ve received.
You can read it on the official website here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43712
Vulnerable Software was Employee Daily Task Management System.
Vulnerability Description: Stored XSS in Add New Employee Form in System Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field.
Steps to reproduce:
1- Go to http://victim.com login as Admin or Manager
2- To add a new employee or task fill up some details and in the Name field enter the payload given above.
3- It will be stored in the database and whenever any user clicks on the name or try to navigate to the management field the XSS will be executed.
# Exploit Author: Varshil Patel (KnoxPro)
# Version: 1.0
# Tested on: Windows 10, 11