4 matches found
CMSuno 1.7 Cross Site Scripting
Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Date: 03-08-2021 Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno versi...
CMSuno 1.7 - (tgo) Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno version 1.7 and prior ...
CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting XSS Authenticated Date: 03-08-2021 Exploit Author: splint3rsec Vendor Homepage: https://github.com/boiteasite Software Link: https://github.com/boiteasite/cmsuno Affected Versions: CMSuno 1.7 and prior CVE : CVE-2021-36654 CMSuno versi...
CVE-2021-36654
CMSuno 1.7 (and earlier) is affected by an authenticated stored cross-site scripting (XSS) vulnerability. The flaw occurs in the theme update flow when the attacker can modify the filename parameter (tgo) during a template image name submission, injecting payloads via the tgo parameter to trigger...