This exploit demonstrates a persistent XSS vulnerability in UserSpice <= 4.3 by injecting a malicious script into the user bio field, which executes when other users view the profile. The vulnerable code directly outputs user-controlled input without proper sanitization.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:UserSpice <= 4.3
Auth required
Prerequisites:Valid user account · Access to edit profile