Worksuite CMS - Multiple XSS

2023.03.09
Credit: Eren Arslan
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: Worksuite CMS - Multiple XSS
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://worksuite.biz
# Demo available : https://demo.worksuite.biz
# CVE: N/A

# XSS

Used Payload : </script><svg onload=alert(1234)>

Demo :
Admin : admin@example.com 123456

Method :
Connect to the panel,
Go to :
Select or create one user :
Enter random information in every category and paste the payload into the description :
</script><svg onload=alert(1234)>
Re-select the user you created and observe that the payload is loaded.

Affected pages :
../account/leads
../account/clients
../account/employees
../account/leaves
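The affected pages store the description and echo it back when the record is reopened, so the fix is output encoding matched to the rendering context. The following is an added example, not code from the advisory or from Worksuite; the function names and the two rendering contexts (HTML body, inline script) are assumptions, since the page does not show how the application renders the field.

```javascript
// Added example: context-aware output encoding for a stored "description" field.
// All function names and rendering contexts are assumptions, not Worksuite code.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Serialize untrusted data for an inline <script> block. JSON.stringify alone
// leaves "</script>" intact, which closes the script element early, so the
// characters the HTML parser reacts to are emitted as \uXXXX escapes instead.
function jsonForInlineScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Payload quoted in the advisory, used here as the stored field value.
const storedDescription = '</script><svg onload=alert(1234)>';

// Unencoded rendering (assumed "before" state): the stored markup reaches the page as-is.
function renderUnsafe(description) {
  return '<div class="description">' + description + '</div>';
}

// Hardened rendering, HTML body context.
function renderHtml(description) {
  return '<div class="description">' + escapeHtml(description) + '</div>';
}

// Hardened rendering, inline script context (record handed to client-side code).
function renderInlineScript(description) {
  return '<script>var record = ' + jsonForInlineScript({ description }) + ';</script>';
}

console.log(renderUnsafe(storedDescription));
console.log(renderHtml(storedDescription));
console.log(renderInlineScript(storedDescription));
```

The same encoding has to be applied on every page that renders the field, which here means each of the four affected paths.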



Copyright 2024, cxsecurity.com

 
