3 matches found
Sahi Pro 8.x Cross Site Scripting
Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the browser for the executed script. XSS is triggered...
Sahi pro 8.x - Cross-Site Scripting
Sahi pro 8.x - Cross-Site Scripting Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the browser for the executed...
CVE-2018-20472
CVE-2018-20472 affects Tyto Sahi Pro up to 8.0.0, where the logs web interface is vulnerable to stored XSS via the Description parameter of Testcase API. The issue is demonstrated by public PoCs/exploits (e.g., Sahi Pro 8.x Cross‑Site Scripting references and exploit disclosures). Public records ...