Vendor: Composr CMS
By: Parshwa Bhavsar
CVSS: 8.8 (HIGH)
Type: Persistent Cross Site Scripting
CWE: 79
Product Name: Composr CMS
Affected Version From: 10.0.34
Affected Version To: 10.0.34
Patch Exists: YES
Related CWE: N/A
CPE: a:compo.sr:composr_cms:10.0.34
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10, Kali Linux
Year: 2020

Composr CMS 10.0.34 – ‘banners’ Persistent Cross Site Scripting

Composr CMS 10.0.34 is vulnerable to persistent (stored) cross-site scripting (XSS) in the 'banners' feature. A user with permission to add banners (the reproduction steps below use an administrator account) can place arbitrary HTML and JavaScript in the 'Description' field of 'Add banner'. The value is stored and later rendered without output encoding, so it executes in the browser of every visitor to any page on which the banner is displayed, including the site's home page. Because the payload persists server-side, it affects all users, not only the one who submitted it.

Mitigation:

Upgrade to the latest version of Composr CMS.

Exploit-DB raw data:

# Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
# Date: 3-12-2020
# Exploit Author: Parshwa Bhavsar
# Vendor Homepage: https://compo.sr/
# Software Link: https://compo.sr/download.htm
# Version: 10.0.34
# Tested on: Windows 10/ Kali Linux

Steps to reproduce:

1. Install the CMS from the download link and configure it.
2. After configuration, log in with admin credentials.
3. You will notice “Add banner” at the top of the browser.
4. Click on it and put an XSS payload (any) in the “Description” field.
5. Save it and click on Home.
6. Every time any user visits the website, the XSS payload will trigger.
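The steps above confirm the issue by eye. The following script, an added example that is not part of the original advisory or of Composr, is the check a tester would run after step 5: it fetches a page and reports whether the stored Description comes back as raw markup (stored XSS confirmed), as an entity-encoded string (output encoding in place, i.e. fixed), or with the tag kept but the event handler removed (a sanitizer is filtering, inspect manually). It does not submit the banner itself, since the form field names are not given on this page; you enter the canary through “Add banner” exactly as in step 4. The canary string, the function names and the result labels are this example's own choices.

```python
"""Check whether a banner Description is rendered unescaped on a page.

Added example, not part of the advisory or of Composr. Usage:
    1. Put the CANARY string below into "Add banner" -> "Description".
    2. python check_banner_xss.py https://target/
"""
import re
import sys
import urllib.request

# A canary with a unique id and a no-op event handler: if it survives
# verbatim, script-capable HTML injection is proven without running
# anything harmful in anyone's browser. (Value chosen for this example.)
CANARY_ID = "xssprobe-5f3a9c"
CANARY = f'<img src="x" alt="{CANARY_ID}" onerror="void 0">'

# Matches an <img ...> tag that still carries our id, whatever else was
# kept or stripped from it. Entity-encoded copies (&lt;img ...) do not
# contain a literal "<img" and therefore never match.
_TAG_WITH_ID = re.compile(r"<img[^>]*" + re.escape(CANARY_ID) + r"[^>]*>", re.I)


def classify_reflection(page_html: str) -> str:
    """Classify how the canary appears in the fetched HTML.

    Returns one of:
      'raw'       exact markup present -> browser parses it as HTML (stored XSS)
      'sanitized' the <img> tag survived but not verbatim (handler stripped?)
      'escaped'   only an entity-encoded copy is present -> shown as text
      'absent'    the description is not on this page (or was removed entirely)
    """
    if CANARY in page_html:
        return "raw"
    if _TAG_WITH_ID.search(page_html):
        return "sanitized"
    if CANARY_ID in page_html:
        return "escaped"
    return "absent"


def fetch_page(url: str, timeout: float = 10.0) -> str:
    """Fetch a page over HTTP(S) and return its body as text."""
    req = urllib.request.Request(url, headers={"User-Agent": "banner-xss-check/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, errors="replace")


def main(argv: list[str]) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <url>", file=sys.stderr)
        return 2
    verdict = classify_reflection(fetch_page(argv[1]))
    print(f"{argv[1]}: canary is {verdict}")
    return 0 if verdict != "raw" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Only a 'raw' verdict is conclusive on its own: the exact-match test is strict, so a CMS that rewrites attribute order or quoting can produce 'sanitized' for markup that is still exploitable, and that case should be checked by hand in the page source. A positive result on the home page also means every other page that displays the banner is affected.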