Lucene search
0xB9EXPLOITPACK:C9F659FD9971416FA1E464D7812AE739HistoryApr 26, 2018 - 12:00 a.m.
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
2018-04-2600:00:00
0xB9
9
0.001 Low
EPSS
Percentile
33.4%
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
# Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting
# Date: 2018-04-03
# Author: 0xB9
# Software Link: https://octobercms.com/plugin/rainlab-user
# Version: 1.4.5
# Tested on: Ubuntu 17.10
# CVE: CVE-2018-10366
#1. Description:
Front-end user management for October CMS. Allows visitors to create a website.
#2. Proof of Concept:
Persistent XSS
- Go to the account page localhost/OctoberCMS/account/
- Register & enter the following for your full name <p """><SCRIPT>alert("XSS")</SCRIPT>">
- You will be alerted everytime you visit the account page localhost/OctoberCMS/account/
#3. Solution:
Update to 1.4.6Related
cve
cve
CVE-2018-10366
2018-04-25 09:29:00
cvelist
cvelist
CVE-2018-10366
2018-04-25 09:00:00
prion
prion
Design/Logic Flaw
2018-04-25 09:29:00
osv
osv
CVE-2018-10366
2018-04-25 09:29:00
User Plugin for October CSS Allows XSS
2022-05-14 03:21:09
nvd
nvd
CVE-2018-10366
2018-04-25 09:29:00
zdt
zdt
veracode
veracode
Cross-site Scripting (XSS)
2018-04-26 03:14:06
github
github
User Plugin for October CSS Allows XSS
2022-05-14 03:21:09
packetstorm
packetstorm
October CMS User 1.4.5 Cross Site Scripting
2018-04-26 00:00:00
exploitdb
exploitdb
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
2018-04-26 00:00:00