vulnerability cross site scripting
severity 7
language javascript
registry other

✍️ Description

Stored xss callender title

🕵️‍♂️ Proof of Concept

First goto and create a new appointment. During creation put xss payload xss"'><img src=x onerror=alert()> in Title field and save it . Now open callender by going and see xss is executed



💥 Impact

xss attack