GetSimple CMS Custom JS Plugin 0.1 – CSRF to Persistent XSS – Digitalmunition

Exploit/Advisories

Published on March 27th, 2021 📆 | 5494 Views ⚑

0

GetSimple CMS Custom JS Plugin 0.1 – CSRF to Persistent XSS

# Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
# Exploit Author: Abhishek Joshi 
# Date: March 25, 2021
# Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download
# Software Link: http://get-simple.info/extend/export/5260/1267/custom-js.zip
# Version: 0.1 
# Tested On: Windows 10 Pro + XAMPP + PHP Version 7.4.10
# Tested against: Firefox 78.7.0esr (64-bit)

# Vulnerability Description:
# Cross-Site Request Forgery (CSRF) vulnerability in Custom JS v0.1 plugin for GetSimple CMS allows remote attackers to inject arbitrary client-side script code into every webpage hosted on the CMS (Persistent Cross-Site Scripting), when an authenticated admin visiting a third-party site.

## CSRF POST Form Method
Close

Tagged with: cms • CSRF • custom • getsimple • persistent • php • plugin • webapps • XSS

Leave a Reply Cancel reply

You must be logged in to post a comment.

we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. DigitalMunition is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

Archives

© DigitalMunition Privacy Policy Disclaimer T&C

Back to Top ↑