Content Management System 1.0 Cross Site Scripting

17 Dec 2020 00:00:00 | Reported by: Zhayi | Type: packetstorm | Source: packetstormsecurity.com

Content Management System 1.0 Cross Site Scripting vulnerability in 'First Name' field

```
# Exploit Title: Content Management System 1.0 - 'First Name' Stored XSS
# Exploit Author: Zhayi (Zeo)
# Date: 2020-12-14
# Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14625&title=Content+Management+System+using+PHP%2FMySQLi+with+Source+Code
# Affected Version: Version 1
# Tested on: WINDOWS 10

Step 1: Log in to the CMS with any valid user credentials.
Step 2: Click on the logged-in username in the header and select Manage Account.
Step 3: Rename the user First Name to "<script>alert(document.domain)</script>".
Step 4: Update Profile and this will trigger the XSS.
Step 5: Log out and log in again and the page will display the domain name.
```
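
The advisory does not include the application's source, so the following is an added example, not code from the CMS or from the advisory author. It assumes the header prints the stored First Name into HTML, and contrasts that unencoded output with HTML-context encoding at render time plus an allow-list check on profile update; all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample: the Step 3 value as it would be stored in the user record.
$storedFirstName = '<script>alert(document.domain)</script>';

// Assumed vulnerable pattern (hypothetical): the stored value is concatenated
// into the page unchanged, so the browser parses it as markup on every view.
function renderHeaderUnsafe(string $firstName): string
{
    return '<span class="user">Welcome, ' . $firstName . '</span>';
}

// Encode for the HTML body/attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: the same stored value is displayed as inert text.
function renderHeaderSafe(string $firstName): string
{
    return '<span class="user">Welcome, ' . e($firstName) . '</span>';
}

// Defence in depth on the profile update handler: accept only letters,
// combining marks, spaces, apostrophes and hyphens, 1 to 50 characters.
// \z (not $) rejects a trailing newline.
function isValidFirstName(string $name): bool
{
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} \'\-]{0,49}\z/u', $name) === 1;
}

// Show both renderings and the validation result for each input.
echo renderHeaderUnsafe($storedFirstName), PHP_EOL;
echo renderHeaderSafe($storedFirstName), PHP_EOL;
var_dump(isValidFirstName($storedFirstName));
var_dump(isValidFirstName("Anne-Marie O'Neil"));
```

Output encoding is the primary control because it also neutralises values already stored in the database; the input check only limits what new updates can write.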
