This is a writeup describing a Stored XSS vulnerability in Countly-server. It provides details on how an attacker can inject malicious payloads into the database, which are then executed when viewed in the event logs panel.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:Countly-server (All Versions)
Auth required
Prerequisites:Access to the injection URL with a valid API key · Access to the dashboard to trigger the payload