Vendor: WebSocket Live Chat
By: Alireza Norkazemi
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: WebSocket Live Chat
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2018

WebSocket Live Chat – Cross-Site Scripting

An attacker can inject malicious JavaScript code into the Status box of the WebSocket Live Chat application. The code is executed when someone opens the attacker's profile.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the application.
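The following is an added example, not code from WebSocket Live Chat or from the advisory author. It goes one step beyond the mitigation above by pairing input validation of the Status value with HTML encoding when the profile is rendered. The function names, the 140-character limit and the availability of the mbstring extension are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for a profile "Status" field. Names and limits are
// assumptions, not taken from the WebSocket Live Chat code base.
const STATUS_MAX_LEN = 140; // assumed limit

/** Validate on write: valid UTF-8, bounded length, no control characters. */
function validate_status(string $raw): string
{
    $status = trim($raw);
    if (!mb_check_encoding($status, 'UTF-8')) {
        throw new InvalidArgumentException('status must be valid UTF-8');
    }
    if (mb_strlen($status, 'UTF-8') > STATUS_MAX_LEN) {
        throw new InvalidArgumentException('status too long');
    }
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $status)) {
        throw new InvalidArgumentException('status contains control characters');
    }
    return $status; // stored as plain text, never as HTML
}

/** Encode on output: the stored value is data, so markup characters are escaped. */
function render_status(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p class="status">' . $safe . '</p>';
}

// Constructed sample inputs, including the string from the PoC on this page.
$samples = [
    'Away until Monday',
    "<script>alert('xss')</script>",
    'I <3 "quotes" & ampersands',
];

foreach ($samples as $raw) {
    // Validation accepts all three as text; encoding is what keeps the
    // second one from being parsed as a script element in the profile page.
    echo render_status(validate_status($raw)), PHP_EOL;
}
```

If the profile is built client-side from a WebSocket message instead, the equivalent step is to assign the status through `textContent` rather than `innerHTML`.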

Exploit-DB raw data:

# Exploit Title: WebSocket Live Chat - Cross-Site Scripting
# Date: 2018-05-22
# Exploit Author: Alireza Norkazemi
# Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?s_rank=1
 
# POC :
1) Create your account and click setting icon and go to profile
2) Put this payload into Status box :
<script>alert('xss')</script>
3) The payload will be executed if someone opens your profile