vulnerability cross site scripting
severity 7.6
language php
registry other

✍️ Description

Crss site scripting bug exist via file upload

🕵️‍♂️ Proof of Concept

  1. Upload a file and capture the request in burpsuite .
  2. Now change fullpath parameter value to xss payload in burpsuite and forward the request . and see xss is executed

Video poc


💥 Impact

XSS attack via file upload