Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling


Reported on

Apr 17th 2021

✍️ Description

Cross-site scripting via the redirect URL

🕵️‍♂️ Proof of Concept

Go to your BoxBilling account and visit . Here, put the XSS payload xss"'><img src=x onerror=alert()> in the redirect URL field. After saving, you can see the XSS is executed.

Video PoC -->

💥 Impact

XSS attack
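
The payload in the proof of concept starts with `"'>`, which closes an attribute and its tag if the saved value is written back into the page unencoded. The following PHP sketch is an added example, not BoxBilling's code: the function names and the `redirect_url` field name are assumptions, and it assumes the stored value is rendered inside an HTML attribute. It shows the unencoded render beside an encoded one, plus a save-time check that only accepts absolute http(s) URLs.

```php
<?php
// Added example; not taken from the BoxBilling code base.
// Function names and the "redirect_url" field name are hypothetical.

// Payload quoted in the report, used here only as test input.
$payload = 'xss"\'><img src=x onerror=alert()>';

// Vulnerable pattern: stored value concatenated into an attribute as-is.
function render_unsafe(string $redirectUrl): string
{
    return '<input type="text" name="redirect_url" value="' . $redirectUrl . '">';
}

// Hardened render: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and ', so the value cannot leave the attribute.
function render_safe(string $redirectUrl): string
{
    $encoded = htmlspecialchars($redirectUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="redirect_url" value="' . $encoded . '">';
}

// Save-time validation (defence in depth, not a replacement for encoding):
// FILTER_VALIDATE_URL alone tolerates quotes and angle brackets in the path,
// so markup characters are rejected first, then the scheme is allow-listed.
function is_acceptable_redirect(string $value): bool
{
    if (preg_match('/[\x00-\x20"\'<>`\\\\]/', $value)) {
        return false;
    }
    if (filter_var($value, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Constructed sample inputs: the report's payload, a normal URL,
// a URL carrying markup in its path, and a non-http scheme.
$samples = [$payload, 'https://example.com/after-login',
            'https://example.com/"><b>', 'ftp://example.com/file'];
foreach ($samples as $v) {
    printf("%-40s accept=%s\n", $v, is_acceptable_redirect($v) ? 'yes' : 'no');
}

echo render_unsafe($payload), "\n"; // attribute is closed early by "'>
echo render_safe($payload), "\n";   // payload stays inside value="..."
```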
