Share
## https://sploitus.com/exploit?id=PACKETSTORM:174803
## Title: TASKHUB-2.8.8-XSS-Reflected  
## Author: nu11secur1ty  
## Date: 09/22/2023  
## Vendor: https://codecanyon.net/user/infinitietech  
## Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874  
## Reference: https://portswigger.net/web-security/cross-site-scripting  
  
  
## Description:  
The value of the JSON parameter within the project parameter is copied  
into the HTML document as plain text between tags. The payload  
vn5mr<img src=a onerror=alert(1)>i62kl was submitted in the JSON  
parameter within the project parameter. This input was echoed  
unmodified in the application's response. The already authenticated  
(by using a USER ACCOUNT)attacker can get a CSRF token and cookie  
session it depends on the scenarios.  
  
  
STATUS: HIGH Vulnerability  
  
[+]Test exploit:  
  
```  
surw7%3Cscript%3Ealert(1)%3C%2fscript%3E  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/infinitietech/TASKHUB-2.8.8)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/09/taskhub-288-xss-reflected.html)  
  
## Time spent:  
01:10:00