Describe the bug
The Options view does no input validation of the values supplied to the WEB_TITLE, HOME_URL, HOME_CONTENT and WEB_CONSOLE_BANNER fields and processes them further, storing the values in the database without any prior filtering, leading to stored XSS.
Describe Your Environment
To Reproduce
Affected URL: http://localhost/zm/index.php
POST Data -
Payload used - "><img src=x onerror=prompt('1');>
WEB_TITLE, HOME_URL, HOME_CONTENT and WEB_CONSOLE_BANNER will be set with the payload and it gets triggered.
Expected behavior
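As an added example, not ZoneMinder's own code (the project is written in PHP; this is a Python illustration with assumed function names validate_setting, render_title, render_home_link and audit_stored_settings), the two controls that close this class of bug: allowlist validation of each option value before it is stored, and context-appropriate HTML escaping when the stored value is rendered into a page. A small audit pass also flags option rows already in the database that contain markup. The payload is the one quoted in the report; the per-option rule set is an assumption, not ZoneMinder's actual policy.

```python
import html
import re
from urllib.parse import urlparse

# Constructed sample: the attribute-breakout payload quoted in this report.
PAYLOAD = '"><img src=x onerror=prompt(\'1\');>'

# Assumed rule: titles and banners are plain text, so no characters that can
# open a tag or break out of an attribute are accepted on input.
_PLAIN_TEXT = re.compile(r'^[^<>"\'&]*$')


def validate_setting(name, value):
    """Allowlist check applied before an option value is written to the database.

    Rules here are assumptions for illustration, not ZoneMinder's own.
    """
    if name in ("WEB_TITLE", "WEB_CONSOLE_BANNER", "HOME_CONTENT"):
        return len(value) <= 200 and bool(_PLAIN_TEXT.match(value))
    if name == "HOME_URL":
        parts = urlparse(value)
        # Only absolute http(s) URLs; rejects javascript: and bare payloads.
        return parts.scheme in ("http", "https") and bool(parts.netloc)
    # Unknown option names are refused rather than stored blindly.
    return False


def render_title(title):
    """Render WEB_TITLE as element text, escaped for that HTML context."""
    return "<title>%s</title>" % html.escape(title, quote=True)


def render_home_link(url, content):
    """Render HOME_URL in an attribute context and HOME_CONTENT as element text.

    quote=True escapes both " and ' so a value cannot close the href attribute.
    """
    return '<a href="%s">%s</a>' % (
        html.escape(url, quote=True),
        html.escape(content, quote=True),
    )


def audit_stored_settings(rows):
    """Detection pass over (name, value) rows already stored in the database.

    Returns the option names whose value contains a tag opener or an inline
    event-handler attribute, which a plain-text setting should never hold.
    """
    flagged = []
    for name, value in rows:
        if re.search(r"<[a-zA-Z!/]", value) or re.search(r"\bon\w+\s*=", value, re.I):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed rows: one poisoned by the report's payload, one benign.
    rows = [("WEB_TITLE", PAYLOAD), ("HOME_URL", "https://example.com/")]
    print("rejected on input:", not validate_setting("WEB_TITLE", PAYLOAD))
    print("rendered safely:", render_title(PAYLOAD))
    print("flagged rows:", audit_stored_settings(rows))
```

The input check and the output escaping are independent layers: even if a value bypassed validation (or was written directly to the database), escaping at render time keeps it inert, while the audit gives an operator a way to find rows that were stored before the fix.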
Debug Logs