Vendor: FlatCore CMS
By: Sinem Sahin
CVSS: 8.8 (HIGH)
Type: Stored Cross Site Scripting
CWE: 79
Product Name: FlatCore CMS
Affected Version From: 2.1.2001
Affected Version To: 2.1.2001
Patch Exists: YES
Related CWE:
CPE: 2.3:a:flatcore:flatcore_cms:2.1.1
Platforms Tested: Windows & XAMPP
2020
FlatCore CMS 2.1.1 - Stored Cross Site Scripting
FlatCore CMS 2.1.1 is vulnerable to Stored Cross Site Scripting. An attacker can inject malicious JavaScript code into the username field of a user account; the stored code is executed when the user visits the page. The malicious code can be used to steal user credentials, hijack user sessions, redirect users to malicious websites, etc.
Mitigation:
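Input validation should be used to prevent malicious code from being injected into the username field. Because the payload is stored and rendered later, the username should also be HTML-encoded wherever it is output. Additionally, the application should be kept up to date with the latest security patches.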