Headline
CVE-2021-46558: GitHub - Zeyad-Azima/Issabel-stored-XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields.
main
Switch branches/tags
1 branch 0 tags
Code
Latest commit
Zeyad-Azima Update README.md
31874b5
Feb 14, 2022
Update README.md
31874b5
Git stats
- 5 commits
Files
Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
README.md
Update README.md
Feb 14, 2022
issabel_poc.png
Add files via upload
Jan 23, 2022
Issabel-stored-XSS(CVE-2021-46558.) Reproduce PoC
README.md
Issabel-stored-XSS(CVE-2021-46558.)
Issabel PBX 20200102 is vulnerable to stored cross-site-scripting through add new user function
Reproduce
- first go to add new user and add it as the following '"><script>alert(1)</script>
- put it in the username and password & description
- now login with the user using the payload
- you will be able to see that our code have been executed
PoC
About
No description, website, or topics provided.
Resources
Readme
Stars
0 stars
Watchers
1 watching
Forks
0 forks
Releases
No releases published
Packages
No packages published