Hi Team,

I couldn't find any contact information of @gamonoid on their GitHub profile page so creating an issue here.

Description:

The IceHRM application is vulnerable to a reflected cross-site scripting vulnerability. This is due to the application not properly sanitizing the user input in the `next` parameter on the login page.

Steps to reproduce:

1. Visit the below URL from Firefox: https://icehrm.com/app/<any_nickname>/login.php?next=testingforbugs%22%20accesskey=%22x%22%20onclick%3d%22alert(document.domain)
2. Once the above page loads click `ALT+SHIFT+X` (Windows) or `CTRL+ALT+X` (OS X)

References:
https://portswigger.net/research/xss-in-hidden-input-fields
POC:
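Added example (not part of the original report and not IceHRM source code): a sketch of the fix for the reported behaviour, assuming `next` is reflected into a double-quoted attribute of a hidden `<input>`, as the payload and the linked reference suggest. The function names are hypothetical; the sample input is the query string from the report.

```php
<?php
// Added illustration; hypothetical helper names, not IceHRM code.
// Requires PHP's bundled DOM extension for the attribute check.

// Pattern that produces the reported behaviour: the request value is
// concatenated into a quoted attribute without output encoding.
function render_next_field_unsafe(string $next): string
{
    return '<input type="hidden" name="next" value="' . $next . '">';
}

// Hardened form: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function render_next_field_safe(string $next): string
{
    $encoded = htmlspecialchars($next, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="next" value="' . $encoded . '">';
}

// Parse the rendered tag the way a browser would and list its attributes,
// so the difference is checked structurally rather than by eye.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $names = [];
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Value of the next parameter from the report, decoded as PHP would
// present it in $_GET['next'].
$next = rawurldecode(
    'testingforbugs%22%20accesskey=%22x%22%20onclick%3d%22alert(document.domain)'
);

// Unencoded: the quote in the value ends the attribute, and the parser
// sees extra attributes supplied by the request.
echo implode(', ', attribute_names(render_next_field_unsafe($next))), PHP_EOL;

// Encoded: the whole string stays inside value="...".
echo implode(', ', attribute_names(render_next_field_safe($next))), PHP_EOL;
```

A regression test for the fix can assert that the attribute list of the rendered login form does not change with the content of `next`.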