Composr CMS 10.0.34 Cross Site Scripting

Composr CMS version 10.0.34 suffers from a persistent cross site scripting vulnerability.


MD5 | 1554ea400419bac7a60455ed7af756bb

# Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
# Date: 3-12-2020
# Exploit Author: Parshwa Bhavsar
# Vendor Homepage: https://compo.sr/
# Software Link: https://compo.sr/download.htm
# Version: 10.0.34
# Tested on: Windows 10/ Kali Linux

Steps To Reproduce :-

1. Install the CMS from the download link & configure it.
2. After configuration login with admin Credential .
3. You will notice “Add banner” in the top of the browser.
4. Click on it and Put XSS payload (any) in “Description” field.
5. Save it & Click on Home.
6. Every time any user visit the website , the XSS payload will trigger.


Related Posts