Cross-site Scripting (XSS) - Stored in polonel/trudesk
Jun 14th 2021
Stored XSS using fullname
💥 STEPS TO REPRODUCE
1. First go to http://localhost:8118/settings/general from the admin account and grab your ticketing URL.
2. Now, as an external user, open the above ticketing URL and create a new ticket. During creation, put the XSS payload below in the fullname field.
Payload: xss"'><img src=x onerror=alert(document.domain)>
3. Now go to the admin account, view the above ticket, and see that the XSS is executed.
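The payload runs because the stored full name reaches the admin's ticket view without output encoding. The following added example (not trudesk's code and not part of the original report) contrasts an unencoded render with an encoded one and adds an input check at ticket creation; the function names, the ticket object shape and the 100-character limit are assumptions.

```javascript
// Added example: hypothetical rendering helpers, not trudesk source code.

// Characters that can break out of HTML text or quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text for HTML element content and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored full name is concatenated into markup as-is.
function renderOwnerUnsafe(ticket) {
  return `<span class="owner" title="${ticket.fullname}">${ticket.fullname}</span>`;
}

// Hardened pattern: encode at output time, in every place the value is used.
function renderOwnerSafe(ticket) {
  const name = escapeHtml(ticket.fullname);
  return `<span class="owner" title="${name}">${name}</span>`;
}

// Defence in depth at ticket creation: reject names carrying markup characters.
// The 100-character limit is an assumed value, not taken from the report.
function validateFullname(fullname) {
  if (typeof fullname !== 'string') return false;
  const trimmed = fullname.trim();
  return trimmed.length > 0 && trimmed.length <= 100 && !/[<>"&]/.test(trimmed);
}

// Constructed ticket record holding the payload from step 2 of the report.
const sampleTicket = {
  fullname: `xss"'><img src=x onerror=alert(document.domain)>`,
};

console.log('unsafe:', renderOwnerUnsafe(sampleTicket));
console.log('safe:  ', renderOwnerSafe(sampleTicket));
console.log('accepted at input:', validateFullname(sampleTicket.fullname));
```

Input validation alone is not sufficient, since values already stored before the check was introduced still need encoding when rendered.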