Hi there, there is a stored XSS in Oauth application name.
# Proof of Concept
1. Install a local instance of Autolab.
2. Go to `/oauth/applications` and create a new application with name “.
3. Click on `Authorize` and see that a pop up appears with user’s cookies.
Link to POC `https://drive.google.com/file/d/1r4bwjW803k_8RhNXAyRZK6Qa6hU6W9cS/view?usp=sharing`Read More
Back to Main