Reflected XSS in meraki.cisco.com

I tried a few times, and finally managed to execute JavaScript code in meraki.com.

Steps to reproduce:

1. Sign up – https://meraki.cisco.com/form/systems-manager-signup

2. Navigate to "Configure" -> "Alerts", check the box for "Software is installed matching the following expression", and type the following payload into its field:

<img/src="x"onerror=alert('http://lubi.cz'&#x29;>

3. Click "Save Changes". JavaScript code will execute.
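An added example, not code from Meraki or from the original post: it shows how HTML-encoding the saved expression before reflecting it makes the payload from step 2 render as inert text. The function names and the table-cell markup are assumptions, since the post does not show where the value is reflected.

```javascript
// Added example. renderUnsafe/renderSafe and the <td> markup are hypothetical;
// the post does not show the real page template.

const HTML_ESCAPES = {
  '&': '&amp;',   // must be encoded too, or "&#x29;" is decoded back to ")"
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode every character that is significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the saved expression is concatenated into markup as-is.
function renderUnsafe(expression) {
  return `<td class="expression">${expression}</td>`;
}

// Hardened pattern: the same value is encoded for the HTML context first.
function renderSafe(expression) {
  return `<td class="expression">${escapeHtml(expression)}</td>`;
}

// Count opening tags a browser would parse out of the markup.
function countOpeningTags(html) {
  return (html.match(/<[a-z]/gi) || []).length;
}

// Payload exactly as given in step 2 of the post.
const payload = `<img/src="x"onerror=alert('http://lubi.cz'&#x29;>`;

function demo() {
  return {
    unsafeTags: countOpeningTags(renderUnsafe(payload)), // <td> plus injected <img>
    safeTags: countOpeningTags(renderSafe(payload)),     // only the <td>
    safeHtml: renderSafe(payload),
  };
}

console.log(demo());
```

Encoding `&` is what keeps the `&#x29;` character reference in the payload from being decoded by the HTML parser; it is displayed literally instead.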

Timeline:

[November 2nd 2013] - bug was reported
[November 26th 2013] - bug was fixed

 
