boxbilling

Vulnerability: Cross-site Scripting
Severity: 7.1
Language: PHP
Registry: Other

✍️ Description

XSS via support ticket

🕵️‍♂️ Proof of Concept

Log in to your BoxBilling account and create a support ticket. Put the XSS payload below in the support ticket: `[click-me](javascript://%0d%0aalert(document.domain))`. Now save the link, click it, and see that the XSS is executed.

Video PoC: https://drive.google.com/file/d/1dfhfoP0D9fmU9G4b6Kv-2B5kSWQAJ8Rc/view?usp=sharing

💥 Impact

XSS attack
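
One way to close this class of bug is to allowlist URL schemes on links after the ticket text has been rendered to HTML. The following is an added example, not BoxBilling's own code and not part of the original report; the function names `is_safe_href` and `sanitize_ticket_links` and the allowlist contents are assumptions.

```php
<?php
// Added example, not BoxBilling code. Function names are hypothetical.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

// $href is the attribute value as the DOM returns it (entities already decoded).
function is_safe_href(string $href): bool
{
    // Browsers drop tab/CR/LF anywhere in a URL and leading control characters
    // or spaces before reading the scheme, so normalise the same way first.
    $url = (string) preg_replace('/[\t\r\n]/', '', $href);
    $url = ltrim($url, "\x00..\x20");
    // No colon before the first '/', '?' or '#' means a relative URL.
    if (!preg_match('/^([^\/?#:]*):/', $url, $m)) {
        return true;
    }
    // "javascript://..." has a "//" but its scheme is still "javascript".
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

function sanitize_ticket_links(string $html): string
{
    $doc = new DOMDocument();
    // The prolog forces UTF-8; the wrapper div gives one node to serialise from.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>',
        LIBXML_NOERROR | LIBXML_NOWARNING);
    foreach ($doc->getElementsByTagName('a') as $a) {
        if ($a->hasAttribute('href') && !is_safe_href($a->getAttribute('href'))) {
            $a->removeAttribute('href'); // keep the text, drop the unsafe target
        }
    }
    $out = '';
    foreach ($doc->getElementsByTagName('div')->item(0)->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample: the report's link as rendered HTML, plus a benign link.
$rendered = '<p><a href="javascript://%0d%0aalert(document.domain)">click-me</a> '
          . '<a href="https://example.com/kb">docs</a></p>';
echo sanitize_ticket_links($rendered), PHP_EOL;
```

The check parses the scheme rather than looking for `://`, because the payload in the proof of concept contains `//` while its scheme is still `javascript`.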