| Publication | 27 – January – 2021 | CVSS Score | 5.4 |
| Credits | Luis Daniel Hernández Guadarrama \| WeHackMX | CVE | N/A |
The following screenshot shows a proof of concept (PoC). First, we must select the “Añadir una lista” (“Add a list”) option.
The application blocks the <script> string; however, the filter can be bypassed by using variations. As shown in the following screenshot, we included the payload <body onafterprint=alert('WeHackMx')> in the “description” parameter.
Finally, when the web page is refreshed, the script code is executed, displaying a message box as part of the PoC.
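The filtering gap described above, shown next to the usual correction (encoding the stored value when it is rendered), as an added example that is not code from the affected application. The application's filter is not shown in the advisory, so `denylistAccepts` is an assumed stand-in for it, and every function name here is hypothetical.

```javascript
// Added example: all names are hypothetical, not taken from the affected application.

// Constructed sample input: the payload quoted in the advisory.
const PAYLOAD = "<body onafterprint=alert('WeHackMx')>";

// Weak control (assumed): a denylist that rejects only the "<script" string,
// standing in for the filtering behaviour the advisory describes.
function denylistAccepts(description) {
  return !/<\s*script/i.test(description);
}

// Corrected control: encode on output so stored text is rendered as text.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render the stored "description" value into an HTML text context.
function renderDescription(description, { encode }) {
  const body = encode ? escapeHtml(description) : description;
  return `<p class="description">${body}</p>`;
}

// True if the markup contains a tag carrying an inline event-handler attribute.
function hasInlineHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

function demo() {
  return {
    scriptTagAccepted: denylistAccepts("<script>"),
    payloadAccepted: denylistAccepts(PAYLOAD),
    rawHasHandler: hasInlineHandler(renderDescription(PAYLOAD, { encode: false })),
    encodedHasHandler: hasInlineHandler(renderDescription(PAYLOAD, { encode: true })),
    encoded: renderDescription(PAYLOAD, { encode: true }),
  };
}

console.log(demo());
```

The denylist rejects `<script>` but accepts the event-handler payload, while the encoded rendering contains no tag from the stored value at all, which is why output encoding rather than input string matching is the control to verify in a retest.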