Describe the bug
The view frame insecurely prints the scale parameter value on the webpage without applying any proper filtration, leading to XSS.
Describe Your Environment
To Reproduce
Affected URL :
http://localhost/zm/index.php?view=frame&eid=1&fid=1&scale=</script>"><img src=x onerror=prompt('1');>
Payload used -
</script>"><img src=x onerror=prompt('1');>
Affected source Files:
/web/skins/classic/views/frame.php
/web/skins/classic/views/js/frame.js.php
Expected behavior
Debug Logs
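An added example, not ZoneMinder's code and not part of the original report: it contrasts the unfiltered echo of `scale` described above with validation plus context-specific encoding for the two output contexts the affected files imply (an HTML view and an inline-script `.js.php` file). The function names, the variable names and the 1..1600 range are assumptions made for this illustration.

```php
<?php
// Added illustration; not ZoneMinder source. Function names and the
// 1..1600 bound are assumptions chosen for this example.

// Accept scale only as a bounded integer; anything else gets the default.
function validated_scale($raw, int $default = 100): int {
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1600]]);
    return $v === false ? $default : $v;
}

// HTML body or attribute context (a view template).
function html_ctx(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inline <script> context (a .js.php file). The HEX flags emit <, >, &,
// ' and " as \uXXXX escapes, so "</script>" cannot close the block.
function js_ctx($v): string {
    return json_encode($v, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// The payload from the report, used here as sample input.
$payload = '</script>"><img src=x onerror=prompt(\'1\');>';

// Unfiltered echo into a script block: the behaviour the report describes.
$vulnerable = '<script>var scale = "' . $payload . '";</script>';

// Hardened: validate first, then encode for each output context.
$scale     = validated_scale($payload);   // non-integer input, so default
$safe_html = '<input type="hidden" name="scale" value="'
           . html_ctx((string) $scale) . '"/>';
$safe_js   = '<script>var scale = ' . js_ctx($scale) . ';</script>';

// If a free-form string ever had to be emitted, encoding alone keeps it
// inside the JavaScript string literal.
$encoded_only = '<script>var scale = ' . js_ctx($payload) . ';</script>';

echo $vulnerable, "\n", $safe_html, "\n", $safe_js, "\n", $encoded_only, "\n";
```

Validation and encoding are applied together on purpose: the integer check rejects the payload outright, and the per-context encoders cover any parameter that cannot be restricted to a number.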