Describe Your Environment
Describe the bug
The `console` view insecurely prints the `Host` value on the webpage without applying any proper filtration, leading to self-stored XSS.
To Reproduce
Affected URL: http://localhost/zm/index.php?view=console
Payload used: `"><img src=x onerror=prompt('1');>`
Navigate to http://localhost/zm/index.php?view=monitor&mid=1&tab=source
Inject the XSS payload into the `Host Name` field.
Navigate to the affected URL; the payload will be triggered.
Expected behavior
Debug Logs
None
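As an added illustration (not ZoneMinder's own code, and not the project's real template or helper names), here is the output pattern the report describes next to its hardened form, in PHP since the ZoneMinder web UI is written in PHP. The monitor row is a constructed sample holding the payload quoted above.

```php
<?php
// Added example, not ZoneMinder's code. Constructed monitor row whose Host
// field holds the stored payload from the report above.
$monitor = [
    'Name' => 'Front Door',
    'Host' => '"><img src=x onerror=prompt(\'1\');>',
];

// Vulnerable pattern (the bug described): the stored value is concatenated
// straight into the markup, so the browser parses the stored tag and runs
// its onerror handler every time the console view is rendered.
function renderHostCellUnsafe(array $monitor): string
{
    return '<td title="' . $monitor['Host'] . '">' . $monitor['Host'] . '</td>';
}

// Hardened pattern: encode for the HTML context at output time. ENT_QUOTES
// encodes both quote styles, so the value is also safe inside title="...".
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHostCellSafe(array $monitor): string
{
    $host = escapeHtml($monitor['Host']);
    return '<td title="' . $host . '">' . $host . '</td>';
}

echo renderHostCellUnsafe($monitor), PHP_EOL; // stored tag survives intact
echo renderHostCellSafe($monitor), PHP_EOL;   // "&quot;&gt;&lt;img src=x ..."

// Regression check: the encoded cell must not contain the stored tag,
// only its entity-encoded text.
$safe = renderHostCellSafe($monitor);
assert(strpos($safe, '<img') === false);
assert(strpos($safe, '&lt;img') !== false);
```

Escaping belongs at output time for every place the value is rendered; rejecting angle brackets and quotes when the Host field is saved is a sensible secondary control, since hostnames and IP addresses never legitimately contain them.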