Blind/Persistent XSS Vulnerability in Blinger.io v.1.0.2519

Blind/Persistent XSS Vulnerability in Blinger.io v.1.0.2519

CVE-2019-13633 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.

Learn more about our Web Application Penetration Testing UK.