Coaster CMS version 5.8.18 suffers from a persistent cross site scripting vulnerability.
ce3238081736d3ec6592f99957e38ebd98bbfcfb19eac7e5fb78f6515a08c33c# Exploit Title: Coastercms 5.8.18 - Stored XSS
# Exploit Author: Hardik Solanki
# Vendor Homepage: https://www.coastercms.org/
# Software Link: https://www.coastercms.org/
# Version: 5.8.18
# Tested on Windows 10
XSS IMPACT:
1: Steal the cookie
2: User redirection to a malicious website
Vulnerable Parameters: Edit Page tab
Steps to reproduce:
1: Navigate to "http://localhost/admin/login" and log in with
admin credentials.
2:- Then after login navigates to "Page --> Homepage --> Our Blog" and
click on the edit page.
3: Then add the payload "<script>alert(123)</script>" & Payload
"<h1>test</h1>", and cliock on update button. Saved succesfully.
4: Now, click on "View live page" and it will redirect you to the live page
at "http://localhost/homepage/blog" and XSS will get stored and
trigger on the main home page
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed