Reflected XSS in meraki.cisco.com

I have tried a few times, but finally managed to execute JavaScript code in meraki.com.

Steps to reproduce:

1. Sign up – https://meraki.cisco.com/form/systems-manager-signup

2. Navigate to “Configure” -> “Alerts” and, with the box checked, type the following payload into the “Software is installed matching the following expression” field:

<img/src="x"onerror=alert('http://lubi.cz'&#x29;>

3. Click “Save Changes”. JavaScript code will execute.
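
For defenders, an added example (not code from this post or from Meraki) contrasts reflecting the saved expression verbatim with HTML-encoding it on output. The post does not describe the filtering or the fix, so `naiveFilterBlocks`, the render functions and the `alert-expr` markup are hypothetical. The payload's shape (no whitespace before `onerror`, `&#x29;` in place of `)`) is the kind of input a pattern-matching filter misses.

```javascript
// Payload string exactly as shown in step 2 of this page.
const PAYLOAD = `<img/src="x"onerror=alert('http://lubi.cz'&#x29;>`;

// Hypothetical deny-list filter: flags "<tag", whitespace, an on* handler,
// or a function call written with literal parentheses.
function naiveFilterBlocks(value) {
  const handlerAfterSpace = /<\w+\s+[^>]*\bon\w+\s*=/i;
  const callWithParens = /\w+\s*\([^)]*\)/;
  return handlerAfterSpace.test(value) || callWithParens.test(value);
}

// Encode the five characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical vulnerable rendering: the saved value is reflected verbatim.
function renderVulnerable(expr) {
  return `<td class="alert-expr">${expr}</td>`;
}

// Hardened rendering: the value is encoded for the HTML text context.
function renderEncoded(expr) {
  return `<td class="alert-expr">${escapeHtml(expr)}</td>`;
}

// True when the reflected value contributed its own element to the cell.
function injectsElement(renderedCell) {
  const inner = renderedCell.replace(/^<td class="alert-expr">|<\/td>$/g, '');
  return /<[a-z!\/]/i.test(inner);
}

console.log('filter blocks textbook form:',
  naiveFilterBlocks('<img src="x" onerror=alert(1)>'));
console.log('filter blocks page payload: ', naiveFilterBlocks(PAYLOAD));
console.log('verbatim output injects tag:', injectsElement(renderVulnerable(PAYLOAD)));
console.log('encoded output injects tag: ', injectsElement(renderEncoded(PAYLOAD)));
console.log(renderEncoded(PAYLOAD));
```

The browser accepts `/` as a separator after the tag name and decodes character references inside unquoted attribute values, which is why matching on input syntax is unreliable and encoding at the point of output is the dependable control.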

Timeline:

[November 2nd 2013] - bug was reported
[November 26th 2013] - bug was fixed

 
