Stored XSS in module name #162

Closed
Fadavvi opened this issue Nov 6, 2018 · 1 comment

Fadavvi commented Nov 6, 2018

Hi again

Description :
XSS in module name will prompt in all other pages of X2CRM CE V6.9

Sample Pic:
ezgif-4-97e4273b25ba

Payload to use : "><img src=x onerror=prompt('@darknetguy');>

Tested on Windows 10 Firefox | Google Chrome // Cent-OS 7 Firefox | Chromium

BR,

Milad Fadavvi

Contributor

pczupil commented Oct 21, 2019

Thank you for the info Milad. We will have this fixed in our next release. I will keep this issue open until we have confirmed that the XSS has been removed.
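The class of fix this report calls for, as an added example that is not part of the original thread and is not X2CRM code: encode the stored module name every time it is written into HTML, and optionally reject markup characters when the name is saved. All function names, the `title` attribute context and the allow-list policy are assumptions made for illustration; the reported payload is used only as a regression-test input.

```php
<?php
// Added example with hypothetical helper names; not X2CRM code.
// Payload quoted in the report, used only as a regression-test input.
const REPORTED_NAME = '"><img src=x onerror=prompt(\'@darknetguy\');>';

// Encode a value for HTML text and quoted-attribute contexts.
function encodeHtml(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close a quoted attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored name is concatenated straight into markup.
function renderMenuItemUnsafe(string $name): string
{
    return '<a class="menu-item" title="' . $name . '">' . $name . '</a>';
}

// Hardened pattern: encode at output, wherever the name is rendered.
function renderMenuItem(string $name): string
{
    $safe = encodeHtml($name);
    return '<a class="menu-item" title="' . $safe . '">' . $safe . '</a>';
}

// Defence in depth at save time: allow-list for module names (assumed policy).
function isValidModuleName(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} _-]{1,64}\z/u', $name) === 1;
}

// Count element start tags; a correctly rendered menu item has exactly one (<a>).
function countStartTags(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z]/', $html);
}

function check(bool $ok, string $what): void
{
    if (!$ok) { throw new RuntimeException("check failed: $what"); }
}

$unsafe = renderMenuItemUnsafe(REPORTED_NAME);
$safe   = renderMenuItem(REPORTED_NAME);
check(countStartTags($unsafe) === 3, 'unsafe output gains two injected elements');
check(countStartTags($safe) === 1, 'encoded output keeps only the <a> element');
check(strpos($safe, '&quot;&gt;&lt;img') !== false, 'payload is rendered as text');
check(!isValidModuleName(REPORTED_NAME), 'markup characters rejected on save');
check(isValidModuleName('Sales Leads'), 'ordinary name accepted');
echo $safe, PHP_EOL;
```

Output encoding is the primary control here, because the name is stored once and rendered on many pages; the save-time allow-list only narrows what can reach those pages.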
