
GetSimple CMS 5.7.3.1 Cross Site Scripting

Posted on 30 June 2015

#Date: 29/06/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 7
#Product: GetSimple CMS
#Version: 5.7.3.1

#Description: Application is vulnerable to Persistent XSS attack on page -

URL - http://localhost/Getsimplecms-3.3.5/admin/edit.php?id=temp&upd=edit-success&type=edit

Payload - ">img src="blah.jpg" onerror="alert('XSS')"/

Notified Vendor: May 20, 2015
Response: June 19, 2015
Closure: June 23, 2015 (https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1046)

--
Regards,
*Joel V*
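
The payload opens with `">`, the sequence that ends a double-quoted attribute value. The following is an added example, not GetSimple CMS code and not part of the advisory: assuming the stored value is echoed back into a double-quoted attribute of the edit form, it shows a hypothetical renderer before and after attribute-context encoding, with a parse-based regression check fed the payload exactly as printed above. The function names and the `title` field are assumptions.

```php
<?php
// Added illustration, not GetSimple CMS source. The render functions and the
// "title" field are hypothetical.

// Payload exactly as printed in the advisory, used as constructed stored input.
$stored = '">img src="blah.jpg" onerror="alert(\'XSS\')"/';

// Before: stored value concatenated straight into a double-quoted attribute.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// Encode for the HTML attribute context; ENT_QUOTES covers both quote styles.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every dynamic value is encoded at output time.
function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '" />';
}

// Regression check: parse the markup and confirm the stored value comes back
// as the single value attribute of one input, with no extra attributes.
function value_stays_in_attribute(string $html, string $expected): bool
{
    $prev = libxml_use_internal_errors(true); // unsafe output is malformed HTML
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $inputs = $doc->getElementsByTagName('input');
    if ($inputs->length !== 1) {
        return false;
    }
    $input = $inputs->item(0);
    return $input->attributes->length === 3
        && $input->getAttribute('value') === $expected;
}

foreach (['unsafe' => 'render_field_unsafe', 'safe' => 'render_field_safe'] as $label => $fn) {
    $ok = value_stays_in_attribute($fn('title', $stored), $stored);
    printf("%-6s contained=%s\n", $label, $ok ? 'yes' : 'no');
}
```

The unsafe renderer fails the check because the `value` attribute ends at the payload's first quote; the encoded renderer returns the stored string intact as attribute data.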

 
