
CVE-2021-41731: News247 News Magazine 1.0 Cross Site Scripting ≈ Packet Storm

A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field.

# Exploit Title: News247 - News Magazine (CMS) v1.0 – Stored Cross Site Scripting (XSS)
# Exploit Author: Ravinder Verma
# Date: September 14, 2022
# Vendor Homepage: https://www.sourcecodester.com/php/14952/news247-news-magazine-php-script.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/news247.zip
# Tested on: Kali Linux, Apache, Mysql
# Vendor: 255programmer
# Version: v1.0
# CVE [Reserved] : CVE-2021-41731
# Exploit Description:
#   News247 - News Magazine (CMS) v1.0 suffers from a stored cross site
#   scripting (XSS) vulnerability. Admin can publish blogs under various
#   categories. When creating a new "blog category", if the admin enters a
#   malicious payload like *""><img src=x onerror=alert(document.cookie)>* into
#   the category name field and publishes that blog, arbitrary JavaScript is
#   executed in the context of any user who visits that page. It can be abused
#   to steal session cookies, perform requests in the name of the victim or for
#   phishing attacks.
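The fix for this class of bug is to encode the stored category name at output time, with input validation and an HttpOnly session cookie as additional layers. The following is an added example, not code from News247 or from the advisory; the function names, the markup and the allowed-character policy are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Keep the session cookie out of reach of document.cookie (array form needs PHP 7.3+).
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Hypothetical input check (defence in depth): letters, digits, spaces and a
// few punctuation marks, 1 to 64 characters. The policy itself is an assumption.
function validate_category_name(string $name): string
{
    $name = trim($name);
    if (!preg_match('/^[\p{L}\p{N} _&.,\-]{1,64}$/u', $name)) {
        throw new InvalidArgumentException('Invalid category name');
    }
    return $name;
}

// Encode a value for an HTML text node or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged.
function render_category_unsafe(string $name): string
{
    return '<a class="category" title="' . $name . '">' . $name . '</a>';
}

// Hardened pattern: every use of the stored value is encoded for its context.
function render_category_safe(string $name): string
{
    return '<a class="category" title="' . h($name) . '">' . h($name) . '</a>';
}

// Constructed sample: the category name quoted in the advisory, as if read back from the database.
$stored = '""><img src=x onerror=alert(document.cookie)>';

echo render_category_unsafe($stored), PHP_EOL; // value closes the attribute and adds a tag
echo render_category_safe($stored), PHP_EOL;   // value stays inert text: &quot;&quot;&gt;&lt;img ...

try {
    validate_category_name($stored);
} catch (InvalidArgumentException $e) {
    echo 'rejected on input: ', $e->getMessage(), PHP_EOL;
}
```

Output encoding is the control that closes the hole; validation on input only narrows what reaches the database, and rows stored before the fix still need the encoded render path.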
