{"hash": "02a8a9c3b78390737bcd67a87e5c554dbf0dce7489d7356a00f3141f9ca0b038", "id": "1337DAY-ID-23941", "lastseen": "2018-01-03T15:10:57", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "b1c88b6103cad1a289e9f1b312f59ba0", "key": "href"}, {"hash": "17349f1b1e2a055ccd1d9afb78ddc399", "key": "modified"}, {"hash": "17349f1b1e2a055ccd1d9afb78ddc399", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "ab901e06d3be5c19ba161d1de1eb4348", "key": "reporter"}, {"hash": "9fe2c3abb6ff72e57a55f982d9ca3f2b", "key": "sourceData"}, {"hash": "0399debb87dda93fc8702ea460d6f8a5", "key": "sourceHref"}, {"hash": "2bae9ccf27ecef9510e7896b4e51571e", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"vulnersScore": 7.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/23941", "description": "Exploit for php platform in category web applications", "title": "Tendoo CMS 1.3 - XSS Vulnerabilities", "history": [{"bulletin": {"hash": "57cf7b7e9efb4036b109c43122d2627e064596d672c2fa8c0a964466d90e8dae", "id": "1337DAY-ID-23941", "lastseen": "2016-04-20T01:49:22", "enchantments": {"score": {"value": 4.3, "modified": "2016-04-20T01:49:22"}}, "hashmap": [{"hash": "14609a06e0dd9c213d95e683bb9797b8", "key": "href"}, {"hash": "2bae9ccf27ecef9510e7896b4e51571e", "key": "title"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "17349f1b1e2a055ccd1d9afb78ddc399", "key": "modified"}, {"hash": "17349f1b1e2a055ccd1d9afb78ddc399", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "ab901e06d3be5c19ba161d1de1eb4348", "key": "reporter"}, {"hash": "cd6491e075798b395e1ab2ba31af563c", "key": "sourceHref"}, {"hash": "41acbfaba255733bf214cfb03706ef1e", "key": "sourceData"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/23941", "description": "Exploit for php platform in category web applications", "viewCount": 0, "title": "Tendoo CMS 1.3 - XSS Vulnerabilities", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "# Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability\r\n# Google Dork: N/A\r\n# Date: 28/7/2015\r\n# Exploit Author: Arash Khazaei\r\n# Vendor Homepage: http://tendoo.org/\r\n# Software Link: http://sourceforge.net/projects/tendoo-cms/\r\n# Version: 1.3\r\n# Tested on: Kali , Windows\r\n# CVE : N/A\r\n# Contact : 0xclay@gmail.com\r\n \r\n######################\r\nIntroduction :\r\na Stored And a Reflected XSS Vulnerability In Profile Area In Tendoo CMS\r\nMake CMS Vulnerable And Can Be Used For Stealing Admin Cookies And ....... .\r\n######################\r\n \r\nStored Xss In http://localhost/tendoo/index.php/account/update In First\r\nName and Last Name Inputs\r\nExcute Java Script Codes And If Admin Or Any Body Come In Attacker Profile\r\nWhen First Name And Last Name Loads\r\nJavaScripts Code Will Be Excuted\r\nPOC :\r\n \r\nhttps://i.leetfil.es/e992ad2d.jpg\r\n \r\nReflected Xss In http://localhost/tendoo/index.php/account/update?info=\r\nInput Make Execute JavaScripts Codes\r\nPOC :\r\nhttps://i.leetfil.es/454570b1.jpg\r\n \r\nYou Can See Javascript Alerts In Pictures .\r\n \r\nDiscovered By Arash Khazaei\n\n# 0day.today [2016-04-20] #", "published": "2015-07-30T00:00:00", "references": [], "reporter": "Arash Khazaei", "modified": "2015-07-30T00:00:00", "href": "http://0day.today/exploit/description/23941"}, "lastseen": "2016-04-20T01:49:22", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "# Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability\r\n# Google Dork: N/A\r\n# Date: 28/7/2015\r\n# Exploit Author: Arash Khazaei\r\n# Vendor Homepage: http://tendoo.org/\r\n# Software Link: http://sourceforge.net/projects/tendoo-cms/\r\n# Version: 1.3\r\n# Tested on: Kali , Windows\r\n# CVE : N/A\r\n# Contact : [email\u00a0protected]\r\n \r\n######################\r\nIntroduction :\r\na Stored And a Reflected XSS Vulnerability In Profile Area In Tendoo CMS\r\nMake CMS Vulnerable And Can Be Used For Stealing Admin Cookies And ....... .\r\n######################\r\n \r\nStored Xss In http://localhost/tendoo/index.php/account/update In First\r\nName and Last Name Inputs\r\nExcute Java Script Codes And If Admin Or Any Body Come In Attacker Profile\r\nWhen First Name And Last Name Loads\r\nJavaScripts Code Will Be Excuted\r\nPOC :\r\n \r\nhttps://i.leetfil.es/e992ad2d.jpg\r\n \r\nReflected Xss In http://localhost/tendoo/index.php/account/update?info=\r\nInput Make Execute JavaScripts Codes\r\nPOC :\r\nhttps://i.leetfil.es/454570b1.jpg\r\n \r\nYou Can See Javascript Alerts In Pictures .\r\n \r\nDiscovered By Arash Khazaei\n\n# 0day.today [2018-01-03] #", "published": "2015-07-30T00:00:00", "references": [], "reporter": "Arash Khazaei", "modified": "2015-07-30T00:00:00", "href": "https://0day.today/exploit/description/23941"}

{"result": {}}