Lucene search
Aggressiveuser44D40F34-C391-40C0-A517-12A2C0258149HistoryFeb 20, 2022 - 5:33 p.m.
Cross-site Scripting (XSS) - Stored
2022-02-2017:33:18
aggressiveuser
www.huntr.dev
10
0.002 Low
EPSS
Percentile
60.5%
Description
Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.
Proof of Concept
Steps to Reproduce:-
=> Install the WebApp and Setup it
=> Login in to webAPP using Admin Creds.
=> Navigate to "http://localhost/MineWebCMS-1.15.2/admin/navbar"
=> Add/Edit a Link Select "Drop-Down Menu"
=> "Link Name" and "URL" Both Input are Vulnerable to Exploit Simple XSS
=> Payload : <script>alert(1);</script>
=> XSS will trigger on "http://localhost/MineWebCMS-1.15.2/" Aka WebApp HOME Page
Note : As you can see this simple payload working in those two inputs as normally . Whole WebApp Admin Input Structure is allow to do HTML Injection or XSS Injection
Here i attach two ScreenShot for Easy UnderStand
Impact
If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user.
Related
packetstorm
packetstorm
minewebcms 1.15.2 Cross Site Scripting
2022-04-07 00:00:00
cve
cve
CVE-2022-1163
2022-03-30 07:15:07
nvd
nvd
CVE-2022-1163
2022-03-30 07:15:07
zdt
zdt
minewebcms 1.15.2 - Cross-site Scripting Vulnerability
2022-04-07 00:00:00
prion
prion
Cross site scripting
2022-03-30 07:15:00
osv
osv
CVE-2022-1163
2022-03-30 07:15:07
cvelist
cvelist
CVE-2022-1163 Cross-site Scripting (XSS) - Stored in mineweb/minewebcms
2022-03-30 06:45:14
exploitdb
exploitdb
minewebcms 1.15.2 - Cross-site Scripting (XSS)
2022-04-07 00:00:00