Webasyst 2.9.9 has a Stored XSS vulnerability. An attacker can inject malicious JavaScript code in the "Instant messenger" field for a stored XSS. This can lead to privilege escalation of user to admin, and more.
Steps to reproduce:
Go to "My profile"
Click "Edit".
On the Instant messenger field, enter payload: "><script>alert(document.domain)</script>
Click Save then XSS will trigger.
Impact
The attacker can steal data from whoever checks his profile.
POC:
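The fix for the class of bug reported above is to encode the stored value at output time. The following is an added example, not part of the original report and not Webasyst source code: the helper names, the `im` input name, and the assumption that the field is echoed into an HTML attribute (suggested by the `">` prefix of the reported value) are all hypothetical.

```php
<?php
// Added illustration with hypothetical helpers; this is not Webasyst code.

// Constructed sample: the value from the report, as stored for the profile field.
$stored_im = '"><script>alert(document.domain)</script>';

// Vulnerable pattern: the stored value is concatenated into the attribute
// unescaped, so the leading "> closes the attribute and the tag.
function render_im_field_unsafe(string $value): string
{
    return '<input type="text" name="im" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context when rendering.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_im_field_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="im" value="' . $encoded . '">';
}

// Regression check: parse the rendered fragment the way a browser would and
// report how many <script> elements exist and what the input's value holds.
function inspect_fragment(string $html): array
{
    libxml_use_internal_errors(true);   // tolerate fragment-level parse warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'scripts' => $doc->getElementsByTagName('script')->length,
        'value'   => $input ? $input->getAttribute('value') : null,
    ];
}

foreach (['unsafe' => 'render_im_field_unsafe', 'safe' => 'render_im_field_safe'] as $label => $fn) {
    $result = inspect_fragment($fn($stored_im));
    printf(
        "%-6s script elements: %d, value round-trips as text: %s\n",
        $label,
        $result['scripts'],
        $result['value'] === $stored_im ? 'yes' : 'no'
    );
}
```

Encoding at output leaves the stored data unchanged, so every page that displays the field (including the profile view other users open) needs the same treatment for its own context.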