Describe the bug
Multiple views include the view _monitor_filters.php, which is the file where the vulnerable code lives. The view _monitor_filters contains a filter form that takes input from the user and saves it into the session, in order to preserve and retrieve it later (insecurely). The values of the MonitorName and Source parameters are then displayed without any output filtering being applied.
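The unsafe pattern described above next to a hardened version, as an added illustration in PHP (this is not ZoneMinder's own code; the function names, session keys and sample value are assumed):

```php
<?php
// Added illustration, not ZoneMinder code. Models a filter form that copies a
// request parameter into the session and later re-renders it in the form field.

// Storing the raw value is not the defect by itself; the defect is rendering it
// later without encoding for the context it lands in (an HTML attribute here).
function store_filter(array $request, array &$session): void {
    $session['MonitorName'] = $request['MonitorName'] ?? '';
}

// Unsafe: the session value is concatenated straight into a quoted attribute,
// so a value containing a double quote closes the attribute and the rest of the
// value is parsed as markup.
function render_filter_unsafe(array $session): string {
    $name = $session['MonitorName'] ?? '';
    return '<input type="text" name="MonitorName" value="' . $name . '">';
}

// Hardened: encode at output time for the HTML-attribute context. ENT_QUOTES
// covers single and double quotes; the charset must match the page encoding.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_filter_safe(array $session): string {
    $name = $session['MonitorName'] ?? '';
    return '<input type="text" name="MonitorName" value="' . h($name) . '">';
}

// Constructed sample request: a value that breaks out of the attribute.
$request = ['MonitorName' => '"><b>injected</b>'];
$session = [];
store_filter($request, $session);

echo render_filter_unsafe($session), "\n";
// value=""><b>injected</b>"  -> attribute closed early, <b> becomes live markup
echo render_filter_safe($session), "\n";
// value="&quot;&gt;&lt;b&gt;injected&lt;/b&gt;"  -> rendered back as literal text
```

The same encoding must be applied to Source and every other echoed filter field, since each one is a separate injection point in the same form.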
Describe Your Environment
To Reproduce
Multiple Views (cycle.php example)
Affected URL:
http://localhost/zm/index.php?view=cycle&filtering=&MonitorName="><img src=x onerror-prompt('1');>&Function[]=Modect&Status[]=Unknown&Status[]=w&Source="><img src=x onerror-prompt('1');>
Payload used:
"><img src=x onerror-prompt('1');>

Expected behavior
Debug Logs