Summary
hi team,
I found Stored XSS in upload file svg version 9.0.54156 reported the vulnerability with CVE-2021-41952, in version 9.3.57186 i have bypassed it
visit : #1 to view my report
Info
Zenario 9.3.57186 last version
FireFox 105.0.3 (64-bit)
Chrome 106.0.5249.119
I will recreate it again Steps
Login home page >> Choose Users & Contacts and create any user
Click Image >> Upload an image
payload i inject to svg
go to link file inject , paypload executed
The text was updated successfully, but these errors were encountered:
Summary
hi team,
I found Stored XSS in upload file svg version 9.0.54156 reported the vulnerability with CVE-2021-41952, in version 9.3.57186 i have bypassed it
visit : #1 to view my report
Info
Zenario 9.3.57186 last version
FireFox 105.0.3 (64-bit)
Chrome 106.0.5249.119
I will recreate it again
Steps
Login home page >> Choose Users & Contacts and create any user
Click Image >> Upload an image

payload i inject to svg

go to link file inject , paypload executed

The text was updated successfully, but these errors were encountered: