N/A

Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger reflected XSS.

N/A

N/A

Tyto Software Sahi Pro 跨站脚本漏洞

Tyto Software Sahi Pro是印度Tyto Software公司的一套自动化测试工具。 Tyto Software Sahi Pro 8.x版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

N/A

N/A