Reflected XSS via the sxcver parameter on the /DesktopModules/tosic_sexycontent/dist/dnn/ui.html page, using the payload:
"><IMG%20SRC=%23%20onerror="alert('xss')">
2SIC was very fast to respond and super great to work with! This has been remediated with this update: https://github.com/2sic/eav-item-dialog-angular/blob/develop/projects/ng-dialogs/src/index.html#L33-L42 and they published a helpful notice on their blog: https://2SXC.org/en/blog/post/2sxc-security-notification-2021-001
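
One way to review IIS logs for past requests that placed markup in sxcver on this page, as an added example (not code from the original post or from 2sic). It assumes W3C-format logs with a #Fields header and that legitimate sxcver values are short version-like tokens; the sample log lines, version value and IP addresses are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumption: a legitimate sxcver value is a short version-like token.
ALLOWED_SXCVER = re.compile(r"[0-9A-Za-z._-]{1,32}")
TARGET_STEM_SUFFIX = "/dist/dnn/ui.html"

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_w3c_log(lines):
    """Return (line_number, client_ip, decoded_value) for out-of-policy sxcver values."""
    fields, findings = [], []
    for number, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        query = row.get("cs-uri-query", "-")  # IIS writes "-" for an empty query
        if not stem.endswith(TARGET_STEM_SUFFIX) or query == "-":
            continue
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(value)
            if name.lower() == "sxcver" and not ALLOWED_SXCVER.fullmatch(value):
                findings.append((number, row.get("c-ip", "?"), value))
    return findings

# Constructed sample log (not real traffic); version value and IPs are made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2021-01-01 10:00:00 GET /DesktopModules/tosic_sexycontent/dist/dnn/ui.html sxcver=11.11.04 192.0.2.10 200
2021-01-01 10:00:05 GET /DesktopModules/tosic_sexycontent/dist/dnn/ui.html sxcver=%22%3E%3CIMG%20SRC=%23%20onerror=%22alert('xss')%22%3E 192.0.2.77 200
2021-01-01 10:00:09 GET /DesktopModules/tosic_sexycontent/dist/dnn/ui.html sxcver=%2522%253Cb%253E 192.0.2.78 200
2021-01-01 10:00:12 GET /default.aspx - 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG):
        print(hit)
```

The allowlist flags anything that is not a plain token, so it also catches encodings and tag variants that a blocklist of known payload strings would miss.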