Advertisement






News247 News Magazine 1.0 Cross Site Scripting

CVE Category Price Severity
CVE-2021-41731 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-09-15
CPE
cpe:cpe:/a:news247:news_magazine:1.0
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090039

Below is a copy:

News247 News Magazine 1.0 Cross Site Scripting
# Exploit Title: News247 - News Magazine (CMS) v1.0  Stored Cross Site Scripting (XSS) 
# Exploit Author: Ravinder Verma 
# Date: Septmeber 14, 2022 
# Vendor Homepage: https://www.sourcecodester.com/php/14952/news247-news-magazine-php-script.html 
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/news247.zip 
# Tested on: Kali Linux, Apache, Mysql 
# Vendor: 255programmer 
# Version: v1.0 
# CVE [Reserved] : CVE-2021-41731 
# Exploit Description:

#   News247 - News Magazine (CMS) v1.0 suffers from a stored cross site
scripting (XSS) Vulnerability. Admin can publish blogs under various
categories. When creating new "blog category", if admin give malicious
payload like *""><img src=x onerror=alert(document.cookie)>* into the
category name field and publish that blog. Then it allows you to execute
arbitrary JavaScript in the context of the whole user who visited that
page. It can be abused to steal session cookies, perform requests in the
name of the victim or for phishing attacks.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum