Describe the bug
The view options does no input validation on the value supplied to the WEB_TITLE, HOME_URL, HOME_CONTENT, WEB_CONSOLE_BANNER fields & processes it further, storing the value into the database without any prior filtration, leading to stored XSS.
Describe Your Environment
To Reproduce
Affected URL :
http://localhost/zm/index.php
POST Data -
Payload used -
"><img src=x onerror=prompt('1');>
WEB_TITLE, HOME_URL, HOME_CONTENT, WEB_CONSOLE_BANNER will be set with the Payload & get triggered.
Expected behavior
Debug Logs
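A defensive pattern for this class of bug is to encode each stored option for the HTML context it is rendered in, on top of validating it when it is saved. The sketch below is an added example, not ZoneMinder's code or its fix; the helper names `esc_html` and `safe_href` and the markup each option is rendered into are assumptions.

```php
<?php
// Added example: not ZoneMinder code. The rendering contexts below are assumptions.

// Encode a stored option value for HTML text and quoted-attribute contexts.
function esc_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow only absolute http(s) URLs or site-relative paths as a link target.
// Anything else (javascript:, data:, malformed input) falls back to "#".
function safe_href(string $url): string {
    $url = trim($url);
    if (preg_match('#^/(?![/\\\\])#', $url)) {   // relative path, not //host or /\host
        return esc_html($url);
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (in_array($scheme, ['http', 'https'], true) && filter_var($url, FILTER_VALIDATE_URL)) {
        return esc_html($url);
    }
    return '#';
}

// Constructed sample: option values as they would come back from the database
// after the payload from this report was saved.
$payload = '"><img src=x onerror=prompt(\'1\');>';
$config = [
    'WEB_TITLE'          => $payload,
    'HOME_URL'           => $payload,
    'HOME_CONTENT'       => $payload,
    'WEB_CONSOLE_BANNER' => $payload,
];

// Unsafe rendering: the stored value is concatenated into markup unchanged,
// so the quote and angle bracket close the attribute and tag.
$unsafe = '<a href="' . $config['HOME_URL'] . '">' . $config['HOME_CONTENT'] . '</a>';

// Hardened rendering: every value is encoded for the context it lands in.
$safe  = '<title>' . esc_html($config['WEB_TITLE']) . '</title>' . "\n";
$safe .= '<a href="' . safe_href($config['HOME_URL']) . '">'
       . esc_html($config['HOME_CONTENT']) . '</a>' . "\n";
$safe .= '<div class="banner">' . esc_html($config['WEB_CONSOLE_BANNER']) . '</div>' . "\n";

echo "--- unsafe ---\n", $unsafe, "\n--- hardened ---\n", $safe;
```

If an option such as HOME_CONTENT is meant to accept markup, plain encoding is not enough and an allowlist-based HTML sanitizer is needed for that field instead.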