Queue Management System 4.0.0 Cross Site Scripting

2020-12-21 / 2020-12-22

Credit: Kislay Kumar

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Queue Management System 4.0.0 - "Add User" Stored XSS
# Exploit Author: Kislay Kumar
# Date: 2020-12-21
# Google Dork: N/A
# Vendor Homepage: http://codekernel.net/
# Software Link: https://codecanyon.net/item/queue-management-system/22029961
# Affected Version: Version 4.0.0
# Patched Version: Unpatched
# Category: Web Application
# Tested on: Kali Linux
Step 1. Login as admin.
Step 2. Select "Users" from menu and click on "Add User .
Step 3. Insert payload - "><svg/onload=alert(1)> in "Firtst Name" , " Last
Name "and " Email ".
Step 4. Now open "User List " from menu and you will get alert box.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Queue Management System 4.0.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.