SofaWiki 3.9.2 Cross Site Scripting

SofaWiki version 3.9.2 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#xss #vulnerability #windows #java #php #auth
# Exploit Title: SofaWiki 3.9.2 - Stored XSS (Authenticated)
# Date: 10/17/2024
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://www.sofawiki.com
# Software Link: https://www.sofawiki.com/site/files/snapshot.zip
# Version: 3.9.2
# Tested on: Windows XP

Summary:
A stored XSS exists in SofaWiki's Open Ticket feature. An authenticated user can inject a JavaScript payload into the ticket's title field, which triggers whenever the ticket is viewed.

Proof of Concept (PoC):
1. Log in and go to New Ticket:
http://localhost/sofawiki/index.php?name=special:tickets&ticketaction=new
2. Use this payload in the Title field:
<script>alert('XSS');</script>
3. Click Open Ticket; the alert will be triggered.

The payload runs each time the ticket is opened.
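For defenders, the root cause described above is a stored title written into HTML without output encoding. The following is an added example, not SofaWiki's code and not part of the advisory: the function names, the markup and the sample ticket ids are hypothetical, and it assumes titles are kept as submitted and rendered in an HTML element context.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not SofaWiki's code). They model a ticket title
// that is stored as submitted and later written into an HTML page.

// Vulnerable pattern: the stored title is concatenated into markup as-is.
function render_title_unsafe(string $title): string
{
    return '<h2 class="ticket-title">' . $title . '</h2>';
}

// Hardened pattern: encode for the HTML context at output time.
function render_title_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<h2 class="ticket-title">' . $encoded . '</h2>';
}

// Triage helper: flag titles already in storage that contain markup
// characters, so they can be reviewed once the output fix is deployed.
function titles_needing_review(array $titles): array
{
    return array_filter(
        $titles,
        static fn(string $t): bool => preg_match('/[<>"\']|&#/', $t) === 1
    );
}

// Constructed sample data (ticket id => stored title).
$stored = [
    101 => 'Printer on floor 2 is offline',
    102 => "<script>alert('XSS');</script>", // payload string from the advisory
    103 => 'Cannot log in after password reset',
];

foreach ($stored as $id => $title) {
    echo $id, ' unsafe: ', render_title_unsafe($title), PHP_EOL;
    echo $id, ' safe:   ', render_title_safe($title), PHP_EOL;
}

echo 'Review: ', implode(', ', array_keys(titles_needing_review($stored))), PHP_EOL;
```

Encoding at output neutralizes titles that were stored before the fix as well as new ones; the triage pass only identifies records worth a manual look.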
