Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Hi Team, #Affected Vendor: http://www.xoops.org/ #Date: 24/04/2015 #Discovered by: Joel Vadodil Varghese #Type of vulnerability: Persistent XSS #Tested on: Windows 8.1 #Product: Xoops CMS #Version: 2.5.7.1 #Tested Link: http://localhost/Xoops/htdocs/modules/system/admin.php?fct=preferences&op=show&confcat_id=3 Description: Xoops CMS is a free open source content management systems (CMS), written in PHP. It uses a modular architecture allowing users to customize, update and theme their websites. Xoops CMS is vulnerable to stored xss vulnerability in spite of the Protector Center Module. The parameter "footer" is the vulnerable parameter which will lead to its compromise. #Proof of Concept (PoC): %22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pwned%27%29%22%2F%3E -- Regards, *Joel V*
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.