Tag: stored xss

Fronter XSS – 3 XSS in 1 Blogpost

Today I want to write about Fronter and Fronter XSS Vulnerabilies. Fronter is a learning platform from leading ICT provider, itslearning. Based on Nordic educational models, Fronter is a comprehensive teaching and learning solution used in schools and universities worldwide. As part of the itslearning portfolio, the Fronter solution has a full range of available…


ITSLEARNING VULNERABILITY STORIES – One more stored XSS

Itslearning vulnerability stories episode 3 is here. I want to add another stored xss to itslearning vulnerabilities list. Let’s do it! This is an interesting vulnerability that triggers stored XSS. Itslearning has a kind of document sharing feature that helps people to share files to each other. Normally, when you click the file, system automatically…


ITSLEARNING STORED XSS VULNERABILITY OR NOT?

I’ve found an stored XSS on itslearning education system works without even autorized. Hacker can do lots of things via Itslearning stored XSS vulnerability. This XSS works without any authorization, so it is more dangerous than usual XSS. Payload : I use <svg/onload=prompt(1)> but almost every payload works. PoCs about itslearning stored XSS  Redirect via XSS; https://files.itslearning.com/data/2099/13132/xss.html Alert…


-------------------------------------------------------------------------------------------------------------------------Mustafa Kemal Can-------------------------------------------------------------------------------------------------------------------------