Advertisement




Edit Report

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015040173

Below is a copy:

Hi Team,

#Affected Vendor: http://www.xoops.org/
#Date: 24/04/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 8.1
#Product: Xoops CMS
#Version: 2.5.7.1
#Tested Link:
http://localhost/Xoops/htdocs/modules/system/admin.php?fct=preferences&op=show&confcat_id=3

Description:  Xoops CMS is a free open source content management systems
(CMS), written in PHP. It uses a modular architecture allowing users to
customize, update and theme their websites. Xoops CMS is vulnerable to
stored xss vulnerability in spite of the Protector Center Module. The
parameter "footer" is the vulnerable parameter which will lead to its
compromise.

#Proof of Concept (PoC):
%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pwned%27%29%22%2F%3E

-- 
Regards,

*Joel V*

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.