You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
5. click to image avatar >> click right mouse >> Inspect Element (F12) >> found to link vlun svg
Copy domain >> open web >> BOOM XSS alert message
Inpact :
Attacker can send malicious files to victims and steals victim's cookie leads to account takeover.
The person viewing the image of a contact can be victim of XSS.
The text was updated successfully, but these errors were encountered:
Summary
hi team,
I found small XSS upload file to SVG.
Info
Steps
4. use burpsuite and capture request file a.svg
5. click to image avatar >> click right mouse >> Inspect Element (F12) >> found to link vlun svg
Inpact :
Attacker can send malicious files to victims and steals victim's cookie leads to account takeover.
The person viewing the image of a contact can be victim of XSS.
The text was updated successfully, but these errors were encountered: