VirtueMart 3.1.14 - Persistent Cross-Site Scripting

VirtueMart 3.1.14 - Persistent Cross-Site Scripting Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMar...

VirtueMart 3.1.14 - Persistent Cross-Site Scripting

Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the admin area...

CVE-2018-7465

An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the , leading to a possible XSS...

CVE-2018-7465

VirtueMart 3.x (pre-3.2.14) has a persistent XSS in the admin/backend textareas: an attacker can inject into textarea values, and after saving/editing the product/config, the browser executes the injected script. Campaigns and PoCs in multiple sources confirm the vulnerability, with remediation ...