Describe the bug
The view Run State, does no input validation to the value supplied to New State field & processes it further storing the value into the database without any prior filtration, leading to stored XSS.
POST Data - __csrf_magic=key:1f34f1349423d6ec88301cfdfa4d450eb8d33c1b,1547801142&view=console&action=save&apply=1&newState=<script>alert('1');</script>
Payload used - <script>alert('1');</script>
Navigate to the Affected URL and set value of New State with payload
Click on Download and Payload would be triggered.
Expected behavior
Proper escaping of special characters.
Debug Logs
None
The text was updated successfully, but these errors were encountered:
Describe Your Environment
Describe the bug
The view
Run State, does no input validation to the value supplied toNew Statefield & processes it further storing the value into the database without any prior filtration, leading to stored XSS.To Reproduce
Affected URL :
http://localhost/zm/index.php
POST Data -
__csrf_magic=key:1f34f1349423d6ec88301cfdfa4d450eb8d33c1b,1547801142&view=console&action=save&apply=1&newState=<script>alert('1');</script>Payload used -
<script>alert('1');</script>Expected behavior
Debug Logs
The text was updated successfully, but these errors were encountered: