Packet Storm | Rahad Chowdhury | PACKETSTORM:172468
May 19, 2023 - 12:00 a.m.

ChurchCRM 4.5.4 Cross Site Scripting

2023-05-19 00:00:00
Rahad Chowdhury
packetstormsecurity.com
churchcrm 4.5.4
authenticated
reflected cross site scripting
image
security vulnerability
csv import
cve-2023-31699
admin panel

EPSS: 0.001 (Low), percentile 25.8%

`# Exploit Title: ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)  
# Date: 2023-04-17  
# Exploit Author: Rahad Chowdhury  
# Vendor Homepage: http://churchcrm.io/  
# Software Link: https://github.com/ChurchCRM/CRM/releases/tag/4.5.4  
# Version: 4.5.4  
# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53  
# CVE: CVE-2023-31699  
  
Steps to Reproduce:  
  
1. First, log in to the admin panel.  
2. Click the "Admin" menu, then click "CSV Import"; this shows the CSV file  
uploader option.  
3. Insert an XSS payload into a JPG file using exiftool or the image  
properties, then upload the JPG file.  
4. The XSS pop-up appears.  
`
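A defensive upload check for the condition in step 3, added here as an example; it is not part of the original advisory or of ChurchCRM's code. It walks the JPEG header segments that hold metadata and flags HTML markup in them. The function names, the pattern list and the sample bytes are constructed for illustration, and the pattern is a heuristic.

```python
import re
import struct

# Segments that carry free-form metadata: APP1 (EXIF/XMP), APP13 (IPTC), COM.
METADATA_MARKERS = {0xE1: "APP1", 0xED: "APP13", 0xFE: "COM"}
# Heuristic only (assumed list): HTML element openers and inline event handlers.
MARKUP = re.compile(
    rb"<\s*(script|img|svg|iframe|body|object|embed|a|input|details)\b"
    rb"|\bon[a-z]{3,}\s*=", re.I)

def metadata_segments(data):
    """Yield (name, payload) for each metadata segment ahead of the image scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        marker = data[pos + 1]
        if data[pos] != 0xFF or marker in (0xD9, 0xDA):
            return  # EOI, start of scan, or no further segment headers
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        if marker in METADATA_MARKERS:
            yield METADATA_MARKERS[marker], data[pos + 4:pos + 2 + length]
        pos += 2 + length

def markup_in_metadata(data):
    """Return [(segment, matched_text)] for markup found in JPEG metadata."""
    hits = []
    for name, payload in metadata_segments(data):
        # Text may be UTF-16 (Windows image properties); drop NULs before matching.
        for m in MARKUP.finditer(payload.replace(b"\x00", b"")):
            hits.append((name, m.group(0).decode("ascii", "replace")))
    return hits

def _seg(marker, payload):
    """Build one JPEG segment: marker, big-endian length, payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: header-only JPEGs (SOI, APP0, one COM segment, EOI).
JFIF = _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
CLEAN = b"\xff\xd8" + JFIF + _seg(0xFE, b"Parish picnic 2023") + b"\xff\xd9"
TAINTED = b"\xff\xd8" + JFIF + _seg(0xFE, b"<script>alert(1)</script>") + b"\xff\xd9"

if __name__ == "__main__":
    print(markup_in_metadata(CLEAN))
    print(markup_in_metadata(TAINTED))
```

A scan like this is defence in depth at the upload boundary; HTML-encoding any file-derived text where it is rendered is still the primary control.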
