Lucene search
Mattia Furlani1337DAY-ID-29428HistoryJan 10, 2018 - 12:00 a.m.
Joomla Easydiscuss Component < 4.0.21 - Cross-Site Scripting Vulnerability
2018-01-1000:00:00
Mattia Furlani
0day.today
31
EPSS
0.001
Percentile
43.0%
Exploit for php platform in category web applications
# Exploit Title: Joomla Plugin Easydiscuss <4.0.21 Persistent XSS in Edit Message
# Software Link: https://stackideas.com/easydiscuss
# Exploit Author: Mattia Furlani
# CVE: CVE-2018-5263
# Category: webapps
1. Description
Whenever a user edits a message with <\textarea> inside the body, everything after the <\textarea> will be executed in the userβs browser. Works with every version up to 4.0.20
2. Proof of Concept
Login with permissions to post a message, insert <\textarea> in the body and add any html code after that, whenever a user tries to edit that message the code writed after you closed the textarea will be executed
3. Solution:
Update to version 4.0.21
https://stackideas.com/blog/easydiscuss4021-update
# 0day.today [2018-04-11] #Related
packetstorm
packetstorm
Joomla! Easydiscuss Cross Site Scripting
2018-01-11 00:00:00
cvelist
cvelist
CVE-2018-5263
2018-01-08 23:00:00
nvd
nvd
CVE-2018-5263
2018-01-08 23:29:00
exploitpack
exploitpack
Joomla! Component Easydiscuss 4.0.21 - Cross-Site Scripting
2018-01-10 00:00:00
cve
cve
CVE-2018-5263
2018-01-08 23:29:00
prion
prion
Cross site scripting
2018-01-08 23:29:00
exploitdb
exploitdb
Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting
2018-01-10 00:00:00