CMU CERT/CC VINCE 2.0.6 - Stored XSS

Exploit Tile: CMU CERT/CC VINCE 2.0.6 - Stored XSS Vendor: Carnegie Mellon University Product web page: https://www.kb.cert.org/vince/ Affected version: -H "Cookie: sessionid=xxxx" \ -d 'content="ZSL%0A%0A&csrfmiddlewaretoken=xxx&paginateby=10&replyto=xxxxx'...

CMU CERT/CC VINCE 2.0.6 Cross Site Scripting

Carnegie Mellon University CERT/CC VINCE version 2.0.6 framework suffers from an authenticated stored cross site scripting vulnerability. Input passed to the content POST parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code...