| Título | vmsman.io VMSMan NA Cross Site Scripting |
|---|
| Descripción | Vendor: http://vmsman.io/
Google Dork: intitle:VMSMan.io
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
Proof of Concept (PoC):
Access the following URL and inject the payload into the email
http://x.x.x.x/vmsman/login.php
Payload: "><script>alert(1)</script>
When the payload is submitted, an alert box is triggered, confirming that the input is not properly sanitized and the application is vulnerable to XSS.
Impact:
An attacker could craft a malicious URL and trick users into clicking it, leading to the execution of arbitrary JavaScript code in the victim's browser. This may result in session hijacking, credential theft, or other client-side attacks. |
|---|
| Fuente | ⚠️ http://x.x.x.x/vmsman/login.php |
|---|
| Usuario | elsec (UID 84295) |
|---|
| Sumisión | 2025-04-16 20:41 (hace 1 Año) |
|---|
| Moderación | 2025-04-29 07:39 (12 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 306512 [VMSMan hasta 20250416 /login.php Email secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|