Xoops CMS 2.5.7.1 Cross Site Scripting

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015040173

Below is a copy:

Hi Team,

#Affected Vendor: http://www.xoops.org/
#Date: 24/04/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 8.1
#Product: Xoops CMS
#Version: 2.5.7.1
#Tested Link:
http://localhost/Xoops/htdocs/modules/system/admin.php?fct=preferences&op=show&confcat_id=3

Description: Xoops CMS is a free open source content management system
(CMS), written in PHP. It uses a modular architecture allowing users to
customize, update and theme their websites. Xoops CMS is vulnerable to
a stored XSS vulnerability in spite of the Protector Center Module. The
parameter "footer" is the vulnerable parameter which will lead to its
compromise.

#Proof of Concept (PoC):
%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pwned%27%29%22%2F%3E

-- 
Regards,

*Joel V*
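
Added example, not part of the advisory and not Xoops code: it decodes the published PoC value and renders it into an attribute-context template, once raw and once with HTML output encoding, then parses both results to show that only the unencoded rendering produces an extra `img` element carrying an `onerror` handler. The template and all function names are assumptions; the advisory does not show how Xoops echoes the `footer` preference.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote_plus

# PoC value exactly as published in the advisory (URL-encoded form data).
POC = "%22%3E%3Cimg+src%3D%22blah.jpg%22+onerror%3D%22alert%28%27pwned%27%29%22%2F%3E"

# Hypothetical template (assumption): a stored preference echoed inside an
# attribute value, as an admin form typically re-displays a saved setting.
TEMPLATE = '<input type="text" name="footer" value="{value}">'


class TagAudit(HTMLParser):
    """Collect every start tag and every on* event-handler attribute."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        # Self-closing tags also arrive here via the default handle_startendtag.
        self.tags.append(tag)
        self.handlers += [(tag, name) for name, _ in attrs if name.startswith("on")]


def render(value, escape):
    """Fill the template with the stored value, with or without output encoding."""
    if escape:
        value = html.escape(value, quote=True)  # encodes & < > " '
    return TEMPLATE.format(value=value)


def audit(markup):
    """Return (tags, event_handlers) found when the markup is parsed as HTML."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers


def compare():
    stored = unquote_plus(POC)  # the value the server receives and stores
    return stored, audit(render(stored, False)), audit(render(stored, True))


if __name__ == "__main__":
    stored, raw, escaped = compare()
    print("stored value:", stored)
    print("unescaped   :", raw)
    print("escaped     :", escaped)
```

The leading `">` in the decoded value is what closes the attribute and the tag in the raw rendering; once quotes and angle brackets are encoded at output time, the whole value stays inside the `value` attribute.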

