PMWeb PMWeb Version 7.2.00 stored XSS after bypassing the Web Application Firewallthông tin

tiêu đề	https://pmweb.com/ PMWeb PMWeb Version 7.2.00 stored XSS after bypassing the Web Application Firewall
Mô tả	We have identified a stored Cross-Site Scripting (XSS) vulnerability in this application. Initially, the Web Application Firewall (WAF) in place prevented us from executing JavaScript code. To demonstrate this, we will start with a basic XSS payload that the WAF blocks. Subsequently, we will present our custom advanced payload that successfully bypassed the WAF and resulted in a stored XSS in all input fields of the application. Let's proceed with the demonstration.
Nguồn	⚠️ https://mega.nz/file/nEcUTJxI#L2DCw4f4iwbXuErXlB1NRowprk1UZjWw6FtLgBgBpEA
Người dùng	ahmed8199 (UID 60803)
Đệ trình	28/07/2024 21:18 (cách đây 2 những năm)
Kiểm duyệt	04/08/2024 10:20 (7 days later)
Trạng thái	được chấp nhận
Mục VulDB	273559 [PMWeb 7.2.00 Web Application Firewall Tập lệnh chéo trang]
điểm	20

Interested in the pricing of exploits?

See the underground prices here!