Vendor: Chevereto
By: Akıner Kısa
CVSS: 8.8 (HIGH)
Vulnerability type: Cross Site Scripting (Stored)
CWE: 79
Product Name: Chevereto
Affected Version From: 3.17.1
Affected Version To: 3.17.1
Patch Exists: NO
Related CWE: N/A
CPE: chevereto:chevereto
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 / Xampp
Year: 2021

Chevereto 3.17.1 – Cross Site Scripting (Stored)

Chevereto 3.17.1 is vulnerable to stored cross-site scripting. An attacker can exploit this by uploading an image and entering '><svg/onload=alert(1)> as the image title instead of a normal title. Once the image is uploaded, opening the image's address renders the stored title unescaped and executes the injected script.

Mitigation:

Ensure that all user-supplied input, including the image title, is validated and properly sanitized or encoded before it is rendered in the application's pages.

Exploit-DB raw data:

# Exploit Title: Chevereto 3.17.1 - Cross Site Scripting (Stored)
# Google Dork: "powered by chevereto"
# Date: 19.04.2021
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://chevereto.com/
# Software Link: https://chevereto.com/releases
# Version: 3.17.1
# Tested on: Windows 10 / Xampp

Proof of Concept:

1. Press the Upload image button and upload any image.
2. After uploading the image, press the pencil icon on the top right of the image and write "><svg/onload=alert(1)> instead of the title.
3. Upload the picture and go to the picture address.
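The following is an added illustration of the mitigation above and of why the PoC title works; it is not Chevereto's code. The markup is a constructed stand-in for an image page, and renderTitleVulnerable/renderTitleSafe are hypothetical helpers.

```php
<?php
// Constructed sample input: the exact title used in the proof of concept.
$storedTitle = '"><svg/onload=alert(1)>';

// Vulnerable pattern: the stored title is concatenated into the page as-is.
// The leading "> closes the alt attribute and the <img> tag, so the <svg>
// element that follows becomes live markup and its onload handler runs.
function renderTitleVulnerable(string $title): string
{
    return '<img src="/i/example.png" alt="' . $title . '">'
         . '<h1>' . $title . '</h1>';
}

// Hardened pattern: encode for the HTML context before output.
// ENT_QUOTES encodes both " and ', which matters inside attribute values;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
// so a malformed title cannot silently bypass the encoder.
function renderTitleSafe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="/i/example.png" alt="' . $encoded . '">'
         . '<h1>' . $encoded . '</h1>';
}

// Simple check a reviewer can run: the safe rendering must not contain the
// raw payload, while the vulnerable one does.
function containsRawPayload(string $html, string $payload): bool
{
    return strpos($html, $payload) !== false;
}

echo "vulnerable: ", renderTitleVulnerable($storedTitle), PHP_EOL;
echo "hardened:   ", renderTitleSafe($storedTitle), PHP_EOL;
echo "raw payload in vulnerable output: ",
     var_export(containsRawPayload(renderTitleVulnerable($storedTitle), $storedTitle), true), PHP_EOL;
echo "raw payload in hardened output:   ",
     var_export(containsRawPayload(renderTitleSafe($storedTitle), $storedTitle), true), PHP_EOL;
```

Validation of the title on input (length, allowed characters) is a useful extra layer, but output encoding at the point of rendering is the control that actually prevents the stored value from being interpreted as markup.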