Getsup 3.1.46 (Version 3.1 patch 46) > xss

2019.11.15

eawhitehat (FR)

Risk: Low

Local: Yes

Remote: Yes

CVE: N/A

CWE: N/A

# Title: Getsup 3.1.46 (Version 3.1 patch 46) > All vers affected
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://gestsup.fr/
# Demo available : https://demo.gestsup.fr/ (User: admin Password: admin)
# Software Link: https://gestsup.fr/index.php?page=download
# CVE: N/A
# Screenshot :
- https://prnt.sc/pv00lo
- https://prnt.sc/pv00op
# XSS on calendar - Getsup ticketing
Connect to panel Getsup,
Go to calendar -> create a new evenement -> input your payload xss -> Double click for execute a payload
"><script>alert(/xss-by-eawhitehat/)</script>
Please add htmlspecialchars or htmlentities....

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Getsup 3.1.46 (Version 3.1 patch 46) > xss

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.