Security
Headlines
HeadlinesLatestCVEs

Headline

News247 News Magazine 1.0 Cross Site Scripting

News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#sql#xss#vulnerability#linux#apache#java#php#auth
# Exploit Title: News247 - News Magazine (CMS) v1.0 – Stored Cross Site Scripting (XSS) # Exploit Author: Ravinder Verma # Date: Septmeber 14, 2022 # Vendor Homepage: https://www.sourcecodester.com/php/14952/news247-news-magazine-php-script.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/news247.zip # Tested on: Kali Linux, Apache, Mysql # Vendor: 255programmer # Version: v1.0 # CVE [Reserved] : CVE-2021-41731 # Exploit Description:#   News247 - News Magazine (CMS) v1.0 suffers from a stored cross sitescripting (XSS) Vulnerability. Admin can publish blogs under variouscategories. When creating new "blog category", if admin give maliciouspayload like *""><img src=x onerror=alert(document.cookie)>* into thecategory name field and publish that blog. Then it allows you to executearbitrary JavaScript in the context of the whole user who visited thatpage. It can be abused to steal session cookies, perform requests in thename of the victim or for phishing attacks.

Related news

CVE-2021-41731: News247 News Magazine 1.0 Cross Site Scripting ≈ Packet Storm

Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution