**Exploit Title:**VoIP simpliclty of Zed-3 is vulnerable to Cross Site Scripting (XSS) Company to which the vulnerability belongs: Beijing Zed-3 Technologies Co.,Ltd
**Date:**10/20/2022
Attack vector(s):
Beijing Zed-3 Technologies Co.,Ltd. is a high-tech enterprise founded by high-tech talents.
There is an XSS vulnerability in the VoIP simplilty developed by Beijing Zed-3 Technologies Co.,Ltd. An attacker can use this vulnerability to insert XSS execution code into the page "/login.php?pMessage=", perform pop-up operations, and obtain sensitive information such as user cookies.
POC:
</script><script>[window["location"]="javascript:alert(/xss/)"]</script>
And
</script><script>[window["location"]="javascript:alert(document.cookie)"]</script>
The text was updated successfully, but these errors were encountered:
**Exploit Title:**VoIP simpliclty of Zed-3 is vulnerable to Cross Site Scripting (XSS)
Company to which the vulnerability belongs: Beijing Zed-3 Technologies Co.,Ltd
**Date:**10/20/2022
Vendor Homepage: www.zed-3.com
ASG Version: 8.5.0.17807 (20181130-16:12)
CVE-2022-44235
**Discoverer:**Yuan Lirong
Attack vector(s):
Beijing Zed-3 Technologies Co.,Ltd. is a high-tech enterprise founded by high-tech talents.
There is an XSS vulnerability in the VoIP simplilty developed by Beijing Zed-3 Technologies Co.,Ltd. An attacker can use this vulnerability to insert XSS execution code into the page "/login.php?pMessage=", perform pop-up operations, and obtain sensitive information such as user cookies.
POC:
</script><script>[window["location"]="javascript:alert(/xss/)"]</script>
And
</script><script>[window["location"]="javascript:alert(document.cookie)"]</script>
The text was updated successfully, but these errors were encountered: