| Title | vmsman.io VMSMan NA Cross Site Scripting |
|---|
| Description | Vendor: http://vmsman.io/
Google Dork: intitle:VMSMan.io
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
Proof of Concept (PoC):
Access the following URL and inject the payload into the email
http://x.x.x.x/vmsman/login.php
Payload: "><script>alert(1)</script>
When the payload is submitted, an alert box is triggered, confirming that the input is not properly sanitized and the application is vulnerable to XSS.
Impact:
An attacker could craft a malicious URL and trick users into clicking it, leading to the execution of arbitrary JavaScript code in the victim's browser. This may result in session hijacking, credential theft, or other client-side attacks. |
|---|
| Source | ⚠️ http://x.x.x.x/vmsman/login.php |
|---|
| User | elsec (UID 84295) |
|---|
| Submission | 2025. 04. 16. PM 08:41 (1 year ago) |
|---|
| Moderation | 2025. 04. 29. AM 07:39 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 306512 [VMSMan up to 20250416 /login.php Email cross site scripting] |
|---|
| Points | 20 |
|---|