3 matches found
WSTMart 2.0.8 Cross Site Scripting
Exploit Title: WSTMart 2.0.8 - Cross-Site Scripting Date: 2018-12-23 Exploit Author: linfeng Vendor Homepage: https://github.com/wstmall/wstmart/ Software Link: http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE: CVE-2018-20367 0x01 stored XSS PoC Function point: mall some commodity details...
CVE-2018-20367
The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI...
CVE-2018-20367
CVE-2018-20367 affects WSTMart 2.0.8_181212: the product consultation component stores user-supplied data in the consultContent parameter, enabling stored cross‑site scripting via POST to index.php/home/goodsconsult/add.html (evidence via multiple sources). The vulnerability is demonstrated by XS...