Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-3546: Stored-xss-/Poc at main · thehackingverse/Stored-xss-

A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.

CVE
Open in Source
#xss#vulnerability#windows#apache#java#php#auth

# Exploit Title: Simple Cold Storage Management System v1.0 - Stored XSS in “Create User”

# Exploit Author: Ritik Dewan

# Vendor Name: oretnom23

# Vendor Homepage: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html

# Software Link: https://www.sourcecodester.com/php/15088/simple-cold-storage-management-system-using-phpoop-source-code.html

# Version: v1.0

# Tested on: Windows 11, Apache

Description: A multiple stored XSS in Simple Cold Storage Management System v1.0 allows an attacker to input arbitrary javascript code into those vulnerable parameters

Vulnerable Parameters:

First Name

Last Name

Payload:

<script>alert(1)</script>

Steps:

  1. Login into admin account

  2. Now go to “http://localhost/csms/admin/?page=user/list” and create a user

  3. Now in Parameters “First Name” and “Last Name” put your payload

Payload: <script>alert(1)</script>

  1. Now save the user and our payload has been executed

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE