CVE-2021-41731: News247 News Magazine 1.0 Cross Site Scripting ≈ Packet Storm

# Exploit Title: News247 - News Magazine (CMS) v1.0 – Stored Cross Site Scripting (XSS) # Exploit Author: Ravinder Verma # Date: Septmeber 14, 2022 # Vendor Homepage: https://www.sourcecodester.com/php/14952/news247-news-magazine-php-script.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/news247.zip # Tested on: Kali Linux, Apache, Mysql # Vendor: 255programmer # Version: v1.0 # CVE [Reserved] : CVE-2021-41731 # Exploit Description:#   News247 - News Magazine (CMS) v1.0 suffers from a stored cross sitescripting (XSS) Vulnerability. Admin can publish blogs under variouscategories. When creating new "blog category", if admin give maliciouspayload like *""><img src=x onerror=alert(document.cookie)>* into thecategory name field and publish that blog. Then it allows you to executearbitrary JavaScript in the context of the whole user who visited thatpage. It can be abused to steal session cookies, perform requests in thename of the victim or for phishing attacks.