Cross-site Scripting (XSS) - Generic in mailtrain-org/mailtrainValid
Apr 19th 2021
Stored xss via campaign file upload
🕵️♂️ Proof of Concept
- First goto http://localhost:3000/campaigns and open a campaign . 2.Now in linux create a file with bellow name.
- Now upload the created file in the above capaign http://localhost:3000/campaigns/1/files and see xss is executed
xss"'><img src=x onerror=alert(document.domain)>.svg