EMF [Email Me Form] XSS Vulnerability

EmailMeForm is The Web's #1 form and survey builder.
XSS 1
I created a form with EMF and, as in my previous finding, changed the title to an XSS payload; the XSS executed.

XSS 2
Next, I edited the success message to contain an XSS script; when anyone completes the form, the XSS script runs.

XSS 3
Now I added the Browse or Upload button field to my form, filled in the form as a visitor and uploaded "xml" and "html" files in which I had written an XSS script, then completed and submitted the form. I went to the form manage tab, where I received my own completed form and a clickable link to the "xml"/"html" file; when I click this link, the XSS runs.
Prevention: The file should download.
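One way to enforce the "file should download" prevention for XSS 3, shown as an added example that is not EMF's code or part of the original post: response headers that make the browser save a visitor-uploaded file instead of rendering it. The function names and sample filenames are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import quote

# Hypothetical helpers (not EMF's code): build response headers for serving
# a visitor-uploaded file from a form-management page.

def safe_filename(name: str) -> str:
    """Reduce an untrusted upload name to a harmless ASCII fallback."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path component
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name)        # no quotes, CR/LF, spaces
    name = name.lstrip(".")                             # no dot-only or hidden names
    return name[:100] or "upload.bin"

def download_headers(untrusted_name: str) -> dict:
    """Headers that force a download rather than in-origin rendering."""
    fallback = safe_filename(untrusted_name)
    base = untrusted_name.replace("\\", "/").rsplit("/", 1)[-1]
    encoded = quote(base, safe="")  # percent-encode for the RFC 5987 filename* form
    return {
        # Generic type: the stored .html/.xml is never served as markup.
        "Content-Type": "application/octet-stream",
        # attachment: the browser saves the file instead of displaying it.
        "Content-Disposition":
            f"attachment; filename=\"{fallback}\"; filename*=UTF-8''{encoded}",
        # Stop the browser from sniffing the body and treating it as HTML.
        "X-Content-Type-Options": "nosniff",
        # Defence in depth if the response is rendered anyway: no scripts.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }

if __name__ == "__main__":
    # Constructed sample upload names, including a header-injection attempt.
    for sample in ["poc.html", "report.xml", 'x.html"\r\nX-Injected: 1']:
        for key, value in download_headers(sample).items():
            print(f"{key}: {value}")
        print()
```

Serving uploads from a separate domain that holds no session cookies limits the impact further if a file is ever rendered.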
I reported this to EMF. EMF fixed these bugs and thanked me, but one bug is still unfixed.