vendor:
Victor CMS
by:
Anushree Priyadarshini
6.1
CVSS
MEDIUM
Persistent Cross-Site Scripting
79
CWE
Product Name: Victor CMS
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: CVE-2020-15599
CPE: a:victor_alagwu:victor_cms:1.0
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Windows 10
2020
Victor CMS 1.0 – ‘user_firstname’ Persistent Cross-Site Scripting
The form parameter 'user_firstname' and 'user_lastname' is vulnerable to stored cross site scripting. Payload for 'user_firstname' : <script>alert(1)</script> Payload for 'user_lastname' : <script>alert(2)</script>
Mitigation:
Input validation should be done to prevent malicious code from being stored in the database.
