إرسال #175493: NodCMS 3.4.1 - Stored XSSالمعلومات

عنوانNodCMS 3.4.1 - Stored XSS
الوصفAuthor : skalvin aka (CraCkEr) Date : 28/06/2023 Website : https://nodcms.com/ - https://github.com/khodakhah/nodcms Vendor : NodCMS by Chic Theme Software : NodCMS 3.4.1 - Stored XSS Vuln Type: Stored XSS Impact : Manipulate the content of the site Release Notes: Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. ## Stored XSS ------------------------------------------------------------ POST /en/blog-comment-4 HTTP/1.1 comment_name=[XSS Payload]&comment_content=[XSS Payload] ------------------------------------------------------------ POST parameter 'comment_name' is vulnerable to XSS POST parameter 'comment_content' is vulnerable to XSS ## Steps to Reproduce: 1. Surf (as Guest) "Without Register on Website" 2. Go to [Blog] on this Path (https://website/en/blog) 3. Click [Send a comment] 4. Inject your [XSS Payload] in "Name" 5. Inject your [XSS Payload] in "Comment" 6. Send 7. XSS will Fire & Execute in the visitor's Browser when they visit the page you comment on 6. When ADMIN Visit [Client's Comments] to Check [Blog comments list] in Administration Panel on this Path (https://website/admin-blog/comments 8. XSS will Fire & Executed on his Browser [-] Done
المستخدم
 skalvin (UID 49463)
ارسال28/06/2023 08:49 PM (3 سنوات منذ)
الاعتدال12/07/2023 06:09 PM (14 days later)
الحالةتمت الموافقة
إدخال VulDB233887 [khodakhah NodCMS 3.4.1 POST Request /en/blog-comment-4 comment_name/comment_content البرمجة عبر المواقع]
النقاط17

Do you want to use VulDB in your project?

Use the official API to access entries easily!