[-] Title : Statamic CMS 1.10.3 Cross-Site Scripting
[-] Author : Ashkan Moghaddas
[-] Vendor : https://statamic.com/
[-] Category : Webapps
[-] Date : 06.26.2018
Vulnerable page :
upload/admin/themes/ascent/templates/error.php
Vulnerable Source :
Line 6 : echo echo Localization::fetch($_GET['code']);
------------------------------------------------------------
POC :
http://localhost/upload/admin/themes/ascent/templates/error.php?code=[XSS]
============================
WebSite : UltraSec.Org
Channel : @UltraSecurity
Email : ashkanmoghaddas77@gmail.com
Special Thanks : abolfazl hajizade , MrQadir , Milad Ranjbar
