| タイトル | vmsman.io VMSMan NA Cross Site Scripting |
|---|
| 説明 | Vendor: http://vmsman.io/
Google Dork: intitle:VMSMan.io
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
Proof of Concept (PoC):
Access the following URL and inject the payload into the email
http://x.x.x.x/vmsman/login.php
Payload: "><script>alert(1)</script>
When the payload is submitted, an alert box is triggered, confirming that the input is not properly sanitized and the application is vulnerable to XSS.
Impact:
An attacker could craft a malicious URL and trick users into clicking it, leading to the execution of arbitrary JavaScript code in the victim's browser. This may result in session hijacking, credential theft, or other client-side attacks. |
|---|
| ソース | ⚠️ http://x.x.x.x/vmsman/login.php |
|---|
| ユーザー | elsec (UID 84295) |
|---|
| 送信 | 2025年04月16日 20:41 (1 年 ago) |
|---|
| モデレーション | 2025年04月29日 07:39 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 306512 [VMSMan 迄 20250416 /login.php Email クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|