pczupil
commented
4 years ago Thank you for the info Milad. We will have this fixed in our next release. I will keep this issue open until we have confirmed that the XSS has been removed.
Closed Fadavvi closed 1 year ago
pczupil
commented
4 years ago Thank you for the info Milad. We will have this fixed in our next release. I will keep this issue open until we have confirmed that the XSS has been removed.
Hi agian
Description : XSS in module name will prompt in all other pages of X2CRM CE V6.9
Sample Pic:
Payload to use : "><img src=x onerror=prompt('@darknetguy');>
Tested on Windows 10 Firefox | Google Chrome // Cent-OS 7 Firefox | Chromium
BR,
Milad Fadavvi