PureChat is Vulnerable to XSS , Users At RISK

 Today i am here to share one of my finding in top Chat Box , Know as PURECHAT 
May be you heard but may be not , So here i am sharing my finding 
 Purechat is  Live chat for websites .

It is Vulnerable to XSS , and i reported but didnt get a valid response from team.
You Can Follow my steps on the main site chatbox too   (https://www.purechat.com/)  and also you can try on every user of Purechat , mean every client who is using PureChat Box .

Here i choose go to Purechat.com

Here if we see at right side down ,  we got purechat box , now i have a payload to test for XSS .

"><img src=x onerror=prompt(1)>

i will put this in the section of Name , and Feedback Field 

Now When I click on Start Chat , It Pop Up , it mean that the Chat Box is Vulnerable to XSS

Here You can see that the payload is successfully executed and worked ,

It mean every "PureChat User is Vulnerable to XSS " and Every User can be attacked .

Note: I reported this bug last month , they are just mailing me that we are working and working but now from last month i emailed they are not responding .

Hope You Like It , Share it with XSS Lovers <3

Milan Tomic

Hi. I’m Designer of Blog Magic. I’m CEO/Founder of ThemeXpose. I’m Creative Art Director, Web Designer, UI/UX Designer, Interaction Designer, Industrial Designer, Web Developer, Business Enthusiast, StartUp Enthusiast, Speaker, Writer and Photographer. Inspired to make things looks better.

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment


Post a Comment