Chevereto 3.17.1 - Stored Cross Site Scripting (XSS)

2021.05.23
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|===========================================================================
| # Exploit Title : Chevereto 3.17.1 - Stored Cross Site Scripting (XSS)
|
| # Author : Ali Seddigh
|
| # Category : Web Application
|
| # Vendor Homepage: https://chevereto.com/
|
| # Software Link: https://chevereto.com/releases
|
| # Tested on : [ Windows ~> 10 ]
|
| # Version : 3.17.1
|
| # Date : 2021-05-23
|===========================================================================
|
| # Proof of Concept (POC):
|
| 1. Press the Upload image button and upload any image.
| 2. After uploading the image, press the pencil icon on the top right of the image and write "><svg/onload=alert(1)> instead of the title.
| 3. Upload the picture and go to the picture address.
|
|===========================================================================
| # Discovered By : Ali Triplex
|===========================================================================
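The fix for this class of bug is to encode the stored title when it is written into the page. The PHP below is an added example, not part of the original advisory and not Chevereto's code: the function names, the template markup and the image URL are assumptions, and the only value taken from the advisory is the title string from step 2.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: these names are NOT Chevereto's own code.

/** Encode a stored, user-supplied value for element or quoted-attribute context. */
function encode_title(string $title): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close a quoted attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Weak form: the stored title is concatenated into markup unchanged. */
function render_image_unsafe(string $url, string $title): string
{
    return '<h1>' . $title . '</h1><img src="' . $url . '" alt="' . $title . '">';
}

/** Corrected form: every interpolated value is encoded at output time. */
function render_image_safe(string $url, string $title): string
{
    return '<h1>' . encode_title($title) . '</h1>'
         . '<img src="' . encode_title($url) . '" alt="' . encode_title($title) . '">';
}

/** Count opening tags; a title must never add any to the template's own. */
function count_tags(string $html): int
{
    return preg_match_all('/<[a-zA-Z][^>]*>/', $html);
}

// Constructed sample data; the title is the string from step 2 of the PoC.
$url   = '/images/2021/05/23/sample.png';
$title = '"><svg/onload=alert(1)>';

$unsafe = render_image_unsafe($url, $title);
$safe   = render_image_safe($url, $title);

printf("unsafe: %d tags\n%s\n\n", count_tags($unsafe), $unsafe);
printf("safe:   %d tags\n%s\n", count_tags($safe), $safe);

// The template has two opening tags (<h1>, <img>); more means markup was injected.
exit(count_tags($safe) === 2 ? 0 : 1);
```

The tag count works as a regression check in a test suite: render a page with a title containing markup characters and fail the build if the number of elements differs from the template's own.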


Copyright 2024, cxsecurity.com

 
