Monstra CMS 3.0.4 Reflected XSS

2018.05.21
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: [ Reflected XSS at Monstra CMS 3.0.4 ] # Date: [20.05.2018] # Exploit Author: [Ismail Tasdelen] # Vendor Homepage: [http://monstra.org/] # Software Link: [ Monstra CMS ] # Version: Monstra CMS 3.0.4 # Tested on: Windows 10 / Debian - XAMMP Web Server # PoC : https://www.youtube.com/watch?v=_79BdaaPAuc # Reflected XSS Payload : "><script>alert('Ismail Tasdelen')</script> # You want to follow my activity ? https://www.linkedin.com/in/ismailtasdelen https://github.com/ismailtasdelen https://twitter.com/ismailtsdln

References:

https://www.youtube.com/watch?v=_79BdaaPAuc


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top