XSS Vulnerability in login.php
paul-tharun opened this issue · 1 comments
paul-tharun commented
The username and password parameters are returned without sanitization to the user.
Working Example:
https://demo.cloud.goautodial.com/login.php?username=agent007%22%3E%3Cscript%3Ealert(123)%3C/script%3E&password=qwerty
demianb commented
Fix has been applied. Thank you for reporting this.