VoIP simplicity of Zed-3 is vulnerable to Cross Site Scripting (XSS) #1

Open
liong007 opened this issue Oct 21, 2022 · 0 comments

liong007 commented Oct 21, 2022

**Exploit Title:** VoIP simplicity of Zed-3 is vulnerable to Cross Site Scripting (XSS)
Company to which the vulnerability belongs: Beijing Zed-3 Technologies Co.,Ltd
**Date:** 10/20/2022

Vendor Homepage: www.zed-3.com
ASG Version: 8.5.0.17807 (20181130-16:12)
CVE-2022-44235
**Discoverer:** Yuan Lirong

Attack vector(s):
Beijing Zed-3 Technologies Co.,Ltd. is a high-tech enterprise founded by high-tech talents.
There is an XSS vulnerability in the VoIP simplicity developed by Beijing Zed-3 Technologies Co.,Ltd. An attacker can use this vulnerability to insert XSS execution code into the page "/login.php?pMessage=", perform pop-up operations, and obtain sensitive information such as user cookies.

POC:

```
</script><script>[window["location"]="javascript:alert(/xss/)"]</script>
```

And

```
</script><script>[window["location"]="javascript:alert(document.cookie)"]</script>
```
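
The fix side of this report, as an added example that is not part of the original issue and is not the vendor's code. It assumes `pMessage` is echoed inside an inline `<script>` block (suggested by the PoC's leading `</script>`); the function names are hypothetical.

```php
<?php
// Added example: hypothetical rendering helpers, not the vendor's login.php.
// Assumption: pMessage is reflected inside an inline <script> block.

// Vulnerable pattern: raw concatenation lets "</script>" close the block early.
function render_message_unsafe(string $msg): string
{
    return "<script>var pMessage = \"" . $msg . "\";</script>";
}

// Hardened: encode as a JS string literal and hex-escape <, >, &, ' and "
// so the HTML parser never sees a tag inside the script element.
function render_message_script(string $msg): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return "<script>var pMessage = " . json_encode($msg, $flags) . ";</script>";
}

// Preferred: keep request data out of scripts and emit it as escaped text.
function render_message_html(string $msg): string
{
    return '<div id="message">'
         . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
         . '</div>';
}

// Input: the first PoC string from the report.
$poc = '</script><script>[window["location"]="javascript:alert(/xss/)"]</script>';

$unsafe = render_message_unsafe($poc);
$script = render_message_script($poc);
$html   = render_message_html($poc);

// Each check reports whether the payload's own tags survive into the output.
var_dump(substr_count($unsafe, '</script>') > 1);   // payload tags still present?
var_dump(substr_count($script, '</script>') === 1); // only the wrapper's tag left?
var_dump(strpos($html, '<script') === false);       // no script tag in HTML output?
```

Setting the session cookie with the `HttpOnly` attribute additionally keeps it out of reach of `document.cookie`, which is what the second PoC reads.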
