Subrion CMS 4.2.1 Cross-Site Scriptin
Reporter | Title | Published | Views | Family All 11 |
---|---|---|---|---|
0day.today | Subrion CMS 4.2.1 - Cross-Site Scripting Vulnerability | 6 Aug 201800:00 | – | zdt |
Packet Storm | Subrion CMS 4.2.1 Cross Site Scripting | 21 Aug 201800:00 | – | packetstorm |
Packet Storm | Subrion CMS 4.2.1 Cross Site Scripting | 6 Aug 201800:00 | – | packetstorm |
OSV | Subrion CMS Cross-site Scripting | 14 May 202202:00 | – | osv |
Prion | Cross site scripting | 2 Aug 201801:29 | – | prion |
NVD | CVE-2018-14840 | 2 Aug 201801:29 | – | nvd |
CVE | CVE-2018-14840 | 2 Aug 201801:29 | – | cve |
Veracode | Cross-site Scripting (XSS) | 3 Aug 201805:21 | – | veracode |
Github Security Blog | Subrion CMS Cross-site Scripting | 14 May 202202:00 | – | github |
Cvelist | CVE-2018-14840 | 2 Aug 201801:00 | – | cvelist |
# Exploit Title: [Subrion CMS- 4.2.1 XSS (Using component with known
Vulnerability)]
# Date: [02-08-2018]
# Exploit Author: [Zeel Chavda]
# Vendor Homepage: [https://subrion.org/]
# Software Link: [https://subrion.org/download/]
# Version: [4.2.1] (REQUIRED)
# Tested on: [Windows,FireFox]
# CVE : [CVE-2018-14840]
Steps: -
1. Create a file with XSS payload.
2. Save it with .html extension.
3. Upload via CKEditor manager and execute "file.html".
Reference: -
https://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo