Boonex Dolphin 7.4.2 Cross Site Scripting

2021.03.19

Credit: Piyush Patil

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Boonex Dolphin 7.4.2 - 'width' Stored XSS
# Date: 18-03-2021
# Exploit Author: Piyush Patil
# Vendor Homepage: https://www.boonex.com/
# Software Link: https://www.boonex.com/downloads
# Version: 7.4.2
# Tested on: Windows 10
# Reference - https://github.com/xoffense/POC/blob/main/Boonex%20Dolphin%20CMS%207.4.2%20%20stored%20XSS
Steps to Reproduce Bug:
1- Login to Admin Panel
2- Goto "Builders" => "Pages Builder"
3- Select any page
4- Turn on Burp Suite Intercept and Change "other pages width" to "1081px</script><script>alert(document.cookie)</script>"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Boonex Dolphin 7.4.2 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.