Hello,
While examining the platform, I saw that an input field could not be sanitized cleanly. I found that I could run JavaScript commands on the system when I sent the Stored XSS payload to the relevant input. I tried with unauthorized users, but you can only perform this vulnerability with an authorized user.
1-) Login to the system with an authorized user. The “Add” operation is performed with the “Actions” button in the upper right of the Dashboard.
2-) While adding, the following XSS payload is sent to the “KPI Title” input.
Payload:
</sCriPt><sCriPt>alert(1);</sCriPt>
3-) When you come to the Dashboard screen after the addition is made, you will see that the relevant Alert command is running.
App Version:
c2.8.1
I cannot upload PoC Screen Shots as I am a new user.