Describe Your Environment
Describe the bug
A user can edit an existing monitor, thereby modifying various misc properties, one of them being signal check color. There exists no input validation & output filtration, leaving it vulnerable to HTML Injection, XSS attack.
To Reproduce
Affected URL: http://localhost/zm/index.php?view=monitor&tab=misc
Payload used - "><a href="javascript:alert('1')
Expected behavior
Debug Logs
None
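The two controls the report says are missing, input validation and output encoding, applied to a colour field. This is an added example, not ZoneMinder's code and not part of the original report; the function names and the `signal_check_colour` field name are hypothetical.

```php
<?php
// Added example, not ZoneMinder code. Function and field names are hypothetical.

// Input validation: a colour field only ever needs #RGB or #RRGGBB,
// so use an allow-list pattern anchored at both ends.
function normalize_hex_colour(string $raw): ?string {
    $raw = trim($raw);
    if (preg_match('/\A#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})\z/', $raw) !== 1) {
        return null; // reject outright, do not try to "clean" the value
    }
    return strtolower($raw);
}

// Output encoding: escape for the HTML attribute context on every render,
// even for values that passed validation when they were stored.
function render_colour_input(string $name, string $value): string {
    return sprintf(
        '<input type="text" name="%s" value="%s"/>',
        htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    );
}

// Constructed inputs: one legitimate colour and the payload quoted in the report.
$samples = ['#0000BE', "\"><a href=\"javascript:alert('1')"];

foreach ($samples as $submitted) {
    $colour = normalize_hex_colour($submitted);
    if ($colour === null) {
        echo "rejected on save: ", var_export($submitted, true), "\n";
        // Defence in depth: a legacy row already holding this value
        // still renders as inert text inside the attribute.
        echo render_colour_input('signal_check_colour', $submitted), "\n";
        continue;
    }
    echo "accepted: $colour\n";
    echo render_colour_input('signal_check_colour', $colour), "\n";
}
```

Validation stops new bad values from being stored; escaping at render time is what keeps an already-stored value from closing the `value` attribute.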
254b728