15 lines
614 B
Text
Executable file
15 lines
614 B
Text
Executable file
# Affected software: OroCRM is an easy-to-use, open source CRM with built in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing!
|
|
# Discovered by: Provensec
|
|
# Website: http://www.provensec.com
|
|
# Author: Provensec Labs
|
|
# Type of vulnerability: XSS Stored
|
|
# Description:
|
|
|
|
1 Goto http://server add a new lead fill all the fields properly but Fill the email filed with xss payload as given in the screenshot
|
|
http://prntscr.com/4lf043
|
|
|
|
payload used "><img src=d onerror=confirm(/provensec/);>
|
|
|
|
2 click save and close button
|
|
|
|
http://prntscr.com/4lf0ej
|