| Title | vmsman.io VMSMan NA Cross Site Scripting |
|---|
| Description | Vendor: http://vmsman.io/
Google Dork: intitle:VMSMan.io
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
Proof of Concept (PoC):
Access the following URL and inject the payload into the email
http://x.x.x.x/vmsman/login.php
Payload: "><script>alert(1)</script>
When the payload is submitted, an alert box is triggered, confirming that the input is not properly sanitized and the application is vulnerable to XSS.
Impact:
An attacker could craft a malicious URL and trick users into clicking it, leading to the execution of arbitrary JavaScript code in the victim's browser. This may result in session hijacking, credential theft, or other client-side attacks. |
|---|
| Source | ⚠️ http://x.x.x.x/vmsman/login.php |
|---|
| User | elsec (UID 84295) |
|---|
| Submission | 04/16/2025 20:41 (1 Year ago) |
|---|
| Moderation | 04/29/2025 07:39 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 306512 [VMSMan up to 20250416 /login.php Email cross site scripting] |
|---|
| Points | 20 |
|---|