Stored XSS in application name.

# Description
Hi there, there is a stored XSS in the OAuth application name.

# Proof of Concept
1. Install a local instance of Autolab.
2. Go to `/oauth/applications` and create a new application with name “.
3. Click on `Authorize` and see that a pop-up appears with the user’s cookies.

Link to POC `https://drive.google.com/file/d/1r4bwjW803k_8RhNXAyRZK6Qa6hU6W9cS/view?usp=sharing`
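
The class of bug reported above, shown as an added example that is not Autolab's code or part of the original report: a stored application name is written into an authorization prompt once without output encoding and once with it, next to an allow-list check at creation time. The templates, the helper names, the name pattern and the sample value are all assumptions made for illustration.

```ruby
require "erb"

# Constructed stand-ins for an authorization prompt; not Autolab's actual view.
# Plain stdlib ERB does no escaping, so it models any sink that emits the
# stored name raw (in Rails, the effect of `raw` or `html_safe`).
UNSAFE_TEMPLATE = ERB.new("<h3>Authorize <%= app_name %> to use your account?</h3>")
SAFE_TEMPLATE = ERB.new(
  "<h3>Authorize <%= ERB::Util.html_escape(app_name) %> to use your account?</h3>"
)

# Vulnerable form: the stored name reaches the page as markup.
def render_unsafe(app_name)
  UNSAFE_TEMPLATE.result_with_hash(app_name: app_name)
end

# Hardened form: the name is HTML-encoded at the point of output.
def render_safe(app_name)
  SAFE_TEMPLATE.result_with_hash(app_name: app_name)
end

# Hypothetical allow-list applied when the application record is created.
# This is defense in depth; output encoding remains the primary fix.
NAME_PATTERN = /\A[\p{Alnum} ._\-]{1,64}\z/

def valid_app_name?(name)
  name.is_a?(String) && NAME_PATTERN.match?(name)
end

# Constructed sample value containing inert markup, for testing only.
MARKUP_NAME = "Demo <script>/* marker */</script> App"

if __FILE__ == $PROGRAM_NAME
  puts render_unsafe(MARKUP_NAME)    # markup survives into the page
  puts render_safe(MARKUP_NAME)      # markup is rendered as text
  puts valid_app_name?(MARKUP_NAME)  # rejected at creation time
end
```

The same check works as a regression test: store a name containing markup, render the authorization page, and assert that the response body contains the encoded form and no raw tag.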
