Open elongstreet88 opened 11 months ago
You can execute a xss using at least the header url param (didnt check others, but assume the same for anything page rendering).
Ex: http://localhost:2222/ssh/host/mydevice.local?header=<img src=x onerror=alert('XSS')>
http://localhost:2222/ssh/host/mydevice.local?header=<img src=x onerror=alert('XSS')>
Output:
The params would need to be sanitized properly to avoid rendering on the page.
You can execute a xss using at least the header url param (didnt check others, but assume the same for anything page rendering).
Ex:
http://localhost:2222/ssh/host/mydevice.local?header=<img src=x onerror=alert('XSS')>Output:
The params would need to be sanitized properly to avoid rendering on the page.