# Title: Getsup 3.1.45 (Version 3.1 patch 45) > All vers affected
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://gestsup.fr/
# Demo available : https://demo.gestsup.fr/ (User: admin Password: admin)
# Software Link: https://gestsup.fr/index.php?page=download
# CVE: N/A
# Screenshot :
- https://prnt.sc/psvywq
- https://prnt.sc/psvz4z
- https://prnt.sc/psvzau
- https://prnt.sc/psvzgq
# Multiple XSS - Getsup ticketing
- XSS 1 :
Connect to panel Getsup,
Go to yours tickets -> All states -> Paste your payload on "Number" or "Title" form and press Enter for execute
- XSS 2 :
Connect to panel Getsup,
Go to All tickets -> All states -> Paste your payload on "Number" or "Title" form and press Enter for execute
- XSS 3 :
Connect to panel Getsup,
Find search form -> paste payload and press enter for execute
- XSS 4 :
Connect to panel Getsup,
Go to Calendar ->
Go to calendar, double click on a date to create an event, then paste the XSS payload to infect the selected day, and double click to run it
# For 0day.today - 2019/11/05 - By @eawhitehat #
# 0day.today [2019-12-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation