WolfCMS 0.8.3.1 Cross Site Scripting

2019-05-11T00:00:00
ID PACKETSTORM:152828
Type packetstorm
Reporter Pramod Rana
Modified 2019-05-11T00:00:00

Description

                                        
                                            `Description: WolfCMS v0.8.3.1 and before is vulnerable to cross site  
scripting in User Add module for parameter Name.  
  
Impacted URL is http://[your_webserver_ip]/wolfcms/?/admin/user/add  
  
Payload used is "TestXSS><img src=x onmousover=alert(document.cookie)>  
  
Further details: https://github.com/wolfcms/wolfcms/issues/683  
  
Already requested for CVE, yet to receive it.  
  
  
`