DaybydayCRM

vulnerability cross site scripting
severity 9.8
language javascript
registry other

✍️ Description

Stored XSS via client CompanyName

🕵️‍♂️ Proof of Concept

First go to http://127.0.0.1:8000/leads/create and create a new client. During creation, put the XSS payload xss"'><img src=x onerror=alert()> in the CompanyName field and save it. Now open the client by going to http://127.0.0.1:8000/clients and see that the XSS is executed.

Video PoC:

https://drive.google.com/file/d/1u5XmeLgj2-Sm2KkjJri-RisKNmwke8AX/view?usp=sharing

💥 Impact

XSS attack
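The stored value only becomes script when it is written into the page without encoding, so the mitigation is to HTML-encode CompanyName at render time. The following is an added example, not DaybydayCRM's code: the row renderer, the function names and the client record are hypothetical, and the stored value is the payload from the proof of concept above.

```javascript
// Added example (not DaybydayCRM code): all names here are hypothetical.
// It contrasts unencoded rendering of a stored field with encoded rendering.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored value is concatenated straight into markup,
// in both an attribute context (title) and an element context (link text).
function renderClientRowUnsafe(client) {
  return `<tr><td><a href="/clients/${client.id}" title="${client.companyName}">` +
         `${client.companyName}</a></td></tr>`;
}

// Hardened pattern: every interpolated value is encoded for its context.
function renderClientRowSafe(client) {
  const name = escapeHtml(client.companyName);
  const id = encodeURIComponent(client.id);
  return `<tr><td><a href="/clients/${id}" title="${name}">${name}</a></td></tr>`;
}

// Regression check: did data turn into an element carrying an event handler?
function hasInjectedMarkup(html) {
  return /<img\b[^>]*\bonerror\s*=/i.test(html);
}

// Constructed record holding the CompanyName value from the report.
const storedClient = { id: 7, companyName: `xss"'><img src=x onerror=alert()>` };

console.log('unsafe row injects markup:', hasInjectedMarkup(renderClientRowUnsafe(storedClient)));
console.log('safe row injects markup:  ', hasInjectedMarkup(renderClientRowSafe(storedClient)));
console.log(renderClientRowSafe(storedClient));
```

Encoding belongs at output, in whichever template or client-side script builds the client list, so values already stored in the database are neutralized as well.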