Submit #175493: NodCMS 3.4.1 - Stored XSSinfo

TitelNodCMS 3.4.1 - Stored XSS
BeschreibungAuthor : skalvin aka (CraCkEr) Date : 28/06/2023 Website : https://nodcms.com/ - https://github.com/khodakhah/nodcms Vendor : NodCMS by Chic Theme Software : NodCMS 3.4.1 - Stored XSS Vuln Type: Stored XSS Impact : Manipulate the content of the site Release Notes: Allow Attacker to inject malicious code into website, give ability to steal sensitive information, manipulate data, and launch additional attacks. ## Stored XSS ------------------------------------------------------------ POST /en/blog-comment-4 HTTP/1.1 comment_name=[XSS Payload]&comment_content=[XSS Payload] ------------------------------------------------------------ POST parameter 'comment_name' is vulnerable to XSS POST parameter 'comment_content' is vulnerable to XSS ## Steps to Reproduce: 1. Surf (as Guest) "Without Register on Website" 2. Go to [Blog] on this Path (https://website/en/blog) 3. Click [Send a comment] 4. Inject your [XSS Payload] in "Name" 5. Inject your [XSS Payload] in "Comment" 6. Send 7. XSS will Fire & Execute in the visitor's Browser when they visit the page you comment on 6. When ADMIN Visit [Client's Comments] to Check [Blog comments list] in Administration Panel on this Path (https://website/admin-blog/comments 8. XSS will Fire & Executed on his Browser [-] Done
Benutzer
 skalvin (UID 49463)
Einreichung28.06.2023 20:49 (vor 3 Jahren)
Moderieren12.07.2023 18:09 (14 days later)
StatusAkzeptiert
VulDB Eintrag233887 [khodakhah NodCMS 3.4.1 POST Request /en/blog-comment-4 comment_name/comment_content Cross Site Scripting]
Punkte17

Interested in the pricing of exploits?

See the underground prices here!