A phishing victim can send an XSS payload that triggers in the SniperPhish admin panel.
As an example, this basic phishing landing page has a single form which accepts a username field from the phishing victim.

The XSS is triggered when the admin views the Campaign Results in the WebMailCmpDashboard page.


Unlike the previous XSS I reported, this stored XSS can be triggered by the external phishing victim (via submitted form field data) and can be used to target admin users.
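
Added example (not from this report or from SniperPhish's code): output-encoding victim-submitted form fields before they are placed in a campaign results table. It assumes the table is built as HTML strings in JavaScript; `escapeHtml`, `renderResultRow` and the record shape are hypothetical names.

```javascript
// Hypothetical helper names and record shape; not SniperPhish's own code.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "`": "&#96;",
};

// Encode every character that can open a tag, close an attribute value
// or start an entity, so the value is displayed as text.
function escapeHtml(value) {
  // Decoded submissions may contain null or non-string values.
  const text = value === null || value === undefined ? "" : String(value);
  return text.replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Build one results-table row from a captured submission.
// Field names and field values both originate from the landing page form,
// so both are treated as untrusted and encoded at the point of output.
function renderResultRow(record) {
  const cells = Object.entries(record.fields).map(
    ([name, value]) =>
      `<td data-field="${escapeHtml(name)}">${escapeHtml(value)}</td>`
  );
  return `<tr><td>${escapeHtml(record.victimId)}</td>${cells.join("")}</tr>`;
}

// Constructed sample submission: the username field carries markup,
// and a second field name tries to break out of the attribute value.
const sampleRecord = {
  victimId: "rid-0001",
  fields: {
    username: "<script>alert(1)</script>",
    'x" onmouseover="y': "bob",
  },
};

console.log(renderResultRow(sampleRecord));
```

The stored value is left unchanged in the database; encoding happens when the value is written into the admin page, which is where the report says the XSS fires.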