| عنوان | vmsman.io VMSMan NA Cross Site Scripting |
|---|
| الوصف | Vendor: http://vmsman.io/
Google Dork: intitle:VMSMan.io
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
Proof of Concept (PoC):
Access the following URL and inject the payload into the email
http://x.x.x.x/vmsman/login.php
Payload: "><script>alert(1)</script>
When the payload is submitted, an alert box is triggered, confirming that the input is not properly sanitized and the application is vulnerable to XSS.
Impact:
An attacker could craft a malicious URL and trick users into clicking it, leading to the execution of arbitrary JavaScript code in the victim's browser. This may result in session hijacking, credential theft, or other client-side attacks. |
|---|
| المصدر | ⚠️ http://x.x.x.x/vmsman/login.php |
|---|
| المستخدم | elsec (UID 84295) |
|---|
| ارسال | 16/04/2025 08:41 PM (1 سنة منذ) |
|---|
| الاعتدال | 29/04/2025 07:39 AM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 306512 [VMSMan حتى 20250416 /login.php Email البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|