Home / os / wins2003

Akeneo PIM Cross Site Scripting

Posted on 27 February 2015

# Affected software: Akeneo Online Demo # Type of vulnerability: stored xss # URL: http://www.akeneo.com/demo/ # Discovered by: Provensec # Website: http://www.provensec.com # Description:Akeneo is an open source Product Information Management (PIM) system designed for retailers looking for efficient answers to their multichannel needs. # Proof of concept username field of profile section was vulnerable to stored xss http://demo.akeneo.com/#url=/user/profile/edit edit the Username with payload "><img src=d onerror=confirm(1);> and java script will execute #screen http://prntscr.com/69ywwr

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Apache Solr Backup/Restore API Remote Code Execution
Nginx 1.25.5 Host Header Validation
Relate Learning And Teaching System SSTI / Remote Code Execution
Flowise 1.6.5 Authentication Bypass
WordPress Background Image Cropper 1.2 Shell Upload

Last 20