October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user...

October CMS User 1.4.5 Cross Site Scripting

Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...

October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting

Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...

CVE-2018-10366

The CVE-2018-10366 entry corresponds to a stored/reflected Cross-Site Scripting (XSS) in the October CMS Users plugin (rainlab-user) version 1.4.5, where the name field is susceptible to XSS. The vulnerability is tied to the front-end user management feature and is active in 1.4.5 with PoC eviden...