Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2020-24223: CVE/Mara CMS 7.5 - Cross Site Scripting at master · FreySolarEye/CVE

Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.

CVE
#xss#vulnerability#linux#php#perl#auth

============================================================================================================================

| # Title : Mara CMS 7.5 Cross Site Scriping |

| # Author : George Tsimpidas |

| # Tested on : Kali Linux (X64) | |

| # Vendor : https://sourceforge.net/projects/maracms/ |

| # CVE : CVE-2020-24223 |

============================================================================================================================

Mara CMS 7.5 suffers from a Reflected Cross Site Scripting vulnerability.

Description :

This Reflected XSS vulnerability allows any authenticated user to

inject malicious code via the parameter contact.php?theme=<inject>.

The vulnerability exists because the parameter is not properly

sanitized and this can lead to malicious code injection that will be

executed on the target’s browser.

PoC

[+] Use Payload : seven69387’;alert(1)//154

Path : http://localhost/contact.php?theme=< inject payload here>

Full Path :

http://localhost/contact.php?theme=seven69387’;alert(1)//154

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907