Hi all,
My name is Luis Eduardo Jácome V. (a.k.a. Mortal_Poison) and I found a vulnerability (gXSS and pXSS) in Genesys eServices Chat that affects versions 8.x.x.
First of all, if you find a Genesys eServices Chat instance with "<!-- Version -->" in the HTML source, it is vulnerable:
A small PoC (for versions 8.1.x):
The problem is that the application does not correctly sanitize the "values" of the form (HtmlChatFrameSet.jsp and/or HtmlChatPanel.jsp).
The file changes depending on the version of Genesys eServices Chat. However, in all versions, the form is not validated.
For versions with "<!-- Version -->" in the HTML source, you can execute the following payload:
If the request is made with the POST method, you should see something like the following (it may vary, depending on the fields of the form):
In the %Inject_Here% part you have to inject the malicious payload, for example: </Script/><Script/>(confirm)(1)</Script/>
You must insert it without the "%".
Remember that you must capture it with an application that intercepts requests; in my case, BurpSuite.
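On the remediation side, the sketch below is an added example (not Genesys code and not part of the original write-up) showing why a literal tag blacklist misses the mixed-case payload quoted above, while encoding the form value on output keeps it inert. The class, the method names and the field name "firstName" are hypothetical, and the value is assumed to be written into HTML element content or a quoted attribute.

```java
import java.util.regex.Pattern;

public class FormValueEncoding {
    // Illustrative naive blacklist: matches only the exact lowercase tag.
    static final Pattern NAIVE = Pattern.compile("<script>");

    static boolean naiveFilterBlocks(String value) {
        return NAIVE.matcher(value).find();
    }

    // Encode for HTML element content and quoted attribute values.
    static String encodeForHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical rendering of one form field; both name and value are encoded.
    static String renderField(String name, String value) {
        return "<input type=\"text\" name=\"" + encodeForHtml(name)
             + "\" value=\"" + encodeForHtml(value) + "\">";
    }

    public static void main(String[] args) {
        // Payload string quoted in the write-up, used here as test input.
        String payload = "</Script/><Script/>(confirm)(1)</Script/>";
        System.out.println("naive filter blocks it: " + naiveFilterBlocks(payload));

        String html = renderField("firstName", payload); // assumed field name
        System.out.println(html);

        // The rendered markup must not contain a live tag from the input.
        if (html.contains("<Script") || html.contains("</Script")) {
            throw new IllegalStateException("markup survived encoding");
        }
    }
}
```

In a real JSP the same effect comes from a maintained encoder such as JSTL's `<c:out>`, which escapes XML by default; a value written inside a script block needs JavaScript-context encoding instead.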
The product is used by many companies; however, not all are indexed by search engines.
Twitter: @Mortal_Poison_
Web Page:
Affected versions:
Genesys eServices Chat 8.x.x
Tested on:
Firefox 50.0 and 60.0