Describe the bug
The console view insecurely prints the Host value on the webpage without applying any proper filtration, leading to self-stored XSS.
Describe Your Environment
To Reproduce
Affected URL: http://localhost/zm/index.php?view=console
Payload used: "><img src=x onerror=prompt('1');>
Navigate to http://localhost/zm/index.php?view=monitor&mid=1&tab=source
Inject the XSS payload into the Host Name field.
Navigate to the affected URL; the payload will be triggered.
Expected behavior
Debug Logs
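The class of fix this report calls for is output encoding where the stored Host value is written into the page. The following is an added example, not ZoneMinder's code or part of the original report: the function names and the table-cell markup are hypothetical, and it assumes PHP with the DOM extension enabled. It renders the reported value with and without encoding, then parses the result to count what ends up as markup instead of text.

```php
<?php
// Added example: hypothetical helpers, not ZoneMinder's own code.

// Vulnerable pattern: the stored Host value is concatenated into an
// attribute and a text node exactly as the user typed it.
function render_host_cell_unsafe(string $host): string
{
    return '<td><span title="' . $host . '">' . $host . '</span></td>';
}

// Hardened pattern: encode at output time for the HTML context. ENT_QUOTES
// encodes both quote characters, so the value cannot close the attribute.
function render_host_cell(string $host): string
{
    $safe = htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td><span title="' . $safe . '">' . $safe . '</span></td>';
}

// Regression check: parse the rendered cell and count what a browser would
// treat as markup rather than text.
function count_injected_markup(string $cellHtml): array
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<table><tr>' . $cellHtml . '</tr></table>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($doc);
    return [
        'img_elements'   => $xpath->query('//img')->length,
        'event_handlers' => $xpath->query('//@*[starts-with(name(), "on")]')->length,
    ];
}

// Constructed input: the Host Name value from the report above.
$storedHost = '"><img src=x onerror=prompt(\'1\');>';

foreach (['unsafe' => 'render_host_cell_unsafe', 'escaped' => 'render_host_cell'] as $label => $render) {
    $counts = count_injected_markup($render($storedHost));
    printf("%-8s img=%d handlers=%d\n", $label, $counts['img_elements'], $counts['event_handlers']);
}
```

A check like `count_injected_markup` fits in a test suite for any view that echoes stored monitor settings: the escaped renderer should report zero `img` elements and zero event-handler attributes for this input.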