Advertisement






PHP Scripts Mall Doctor Search Script 1.0.2 Cross Site Scripting

CVE Category Price Severity
CVE-2018-6655 CWE-79 Not specified Not specified
Author Risk Exploitation Type Date
Not specified Not specified Not specified 2018-02-08
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018020110

Below is a copy:

PHP Scripts Mall Doctor Search Script 1.0.2 Cross Site Scripting
######################################################################################
# Exploit Title: PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS.
# Date: 06.02.2018
# Exploit Author: Prasenjit Kanti Paul
# Web: http://hack2rule.wordpress.com/
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/doctor-search-script/
# Category: Web Application
# Version: 1.0.2
# Tested on: Linux Mint
# CVE: CVE-2018-6655
#######################################################################################
 
*Proof of Concept*
1. Login as a user
2. Goto "Edit Profile"
3. Edit any field with "<script>alert("PKP")</script>"
4. Save Profile
5. You will be having a popup "PKP"

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.