EMF [Email Me Form] XSS Vulnerability

 


Hello Everyone, I found multiple XSS vulnerabilities at EMF Email Me Form.

EmailMeForm is The Web's #1 form and survey builder.
 
 
XSS 1
 
I'm creating a form with emf and like previous finding I change the title with xss payload xss executed.
 
 
 XSS 2 

Next I edit a success message with xss script when anyone complete the form, xss script runs.
 
 
 XSS 3 

Now I add the Browse or Upload button field in my form and fill the form as a visitor and upload "xml"&"html" file In which I write xss script and complete the form and submit. I go to form manage tab where I receive my own completed form and a file "xml&html" clickable link when I click this link xss runs.
Prevention: File Should download.
 
I reported this to EMF.EMF fix these bugs and 'Thanks' me but One bug is still unfixed.
 

Comments

Popular posts from this blog

XSS like a Pro

Email Spoofing for Beginners

DoS on WAF Protected Sites by Abusing Cookie