# CVE-2024-40492: Stored XSS to ATO

## Description

Stored Cross-Site Scripting (XSS) is a type of security vulnerability typically found in web applications. It occurs when an attacker is able to inject malicious scripts into a web application, and those scripts are stored on the server. When other users access the data containing the malicious script, the script is executed in their browsers.

## Steps to reproduce

1. Go to <https://app.heartbeat.chat/>
2. Create an account with the following name:

> First name is the payload
>
> **`giongfnef"><h1>test</h1>"><img src=1 onerror=alert(document.cookie)>`**
>
> Last name is
>
> **`giongfnef"><img src=1 onerror=alert(document.cookie)>`**

3. Go to "Threads" and search for that first name, e.g. `giongfnef` -> the XSS is triggered. Because the payload is persisted in the account name, this is stored XSS, which can lead to account takeover.

## POC

Proof of concept video: <https://youtu.be/iLYpPiZud8w>

## Impact

After triggering the XSS, I can proceed with an account takeover. Since this is a stored XSS, any user who views the user section or searches for the user `giongfnef` will trigger the XSS and have their session stolen.

## Mitigation

To prevent stored XSS vulnerabilities, follow these best practices:

* **Input Validation:** Validate and sanitize all user inputs on the server side; client-side checks alone can be bypassed.
* **Output Encoding:** Encode data for the HTML context it is inserted into (text node, attribute value) before displaying it in the browser, so injected markup is rendered as literal text rather than executed.
* **Use Security Libraries:** Use templating libraries and frameworks that escape output by default and handle input sanitization for you.
* **Content Security Policy (CSP):** Implement CSP headers to restrict the sources from which scripts can be loaded and to block inline event handlers such as `onerror`.
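
The following is an added example (not code from the original writeup or from heartbeat.chat) showing what the output-encoding and CSP items above look like in practice: a small HTML encoder applied where an account name is rendered into a search-result card, the unsafe string interpolation beside it for contrast, and a CSP header value that refuses inline event handlers. The function names, the card markup and the nonce value are assumptions for illustration.

```javascript
// Added example for this writeup (not code from the original page or from
// heartbeat.chat): an HTML encoder applied at the point where an account's
// name is rendered into a search-result card, shown beside the unsafe
// string interpolation that lets the writeup's payload through, plus a
// CSP header value that refuses inline event handlers such as onerror.
// All function names and the card markup are hypothetical.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode a value for the HTML text and double-quoted attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: the name is interpolated verbatim, so a '">' in it closes the
// attribute and the remainder of the string becomes live markup.
function renderUserCardUnsafe(firstName, lastName) {
  return `<div class="user" data-name="${firstName} ${lastName}"><span>${firstName} ${lastName}</span></div>`;
}

// Hardened: every untrusted value is encoded for the context it lands in,
// so the same input is displayed as literal text.
function renderUserCard(firstName, lastName) {
  const first = escapeHtml(firstName);
  const last = escapeHtml(lastName);
  return `<div class="user" data-name="${first} ${last}"><span>${first} ${last}</span></div>`;
}

// Defence in depth: a CSP that allows only same-origin scripts carrying the
// per-response nonce, so an inline onerror= handler is not executed even if
// encoding is missed somewhere. The server generates the nonce per response;
// the value passed in below is a placeholder.
function cspHeaderValue(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Count raw '<' characters; the hardened card has exactly the four the
// template itself contributes (<div, <span>, </span>, </div>).
function countTagOpeners(html) {
  return (html.match(/</g) || []).length;
}

// Constructed sample input: the first/last name payload from the writeup.
const SAMPLE_FIRST = 'giongfnef"><h1>test</h1>"><img src=1 onerror=alert(document.cookie)>';
const SAMPLE_LAST = 'giongfnef"><img src=1 onerror=alert(document.cookie)>';

console.log("unsafe :", renderUserCardUnsafe(SAMPLE_FIRST, SAMPLE_LAST));
console.log("encoded:", renderUserCard(SAMPLE_FIRST, SAMPLE_LAST));
console.log("CSP    :", cspHeaderValue("PLACEHOLDER_NONCE"));
```

Running the block prints the two renderings side by side: in the unsafe one the `">` in the name closes the `data-name` attribute and the `<img ... onerror=...>` tag is emitted as real markup, while in the encoded one every `<`, `>` and `"` from the name arrives as `&lt;`, `&gt;` and `&quot;` and the browser shows the payload as text. The CSP value is the backstop for the case where a template somewhere still interpolates unencoded data.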

Thanks for reading, have a nice day :heart:
