Composr cms 10.0.34 banners persistent cross site scripting Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-12-04 | Type : webapps | Platform : php
This exploit / vulnerability Composr cms 10.0.34 banners persistent cross site scripting is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
# Date: 3-12-2020
# Exploit Author: Parshwa Bhavsar
# Vendor Homepage: https://compo.sr/
# Software Link: https://compo.sr/download.htm
# Version: 10.0.34
# Tested on: Windows 10/ Kali Linux

Steps To Reproduce :-

1. Install the CMS from the download link & configure it.
2. After configuration login with admin Credential .
3. You will notice “Add banner” in the top of the browser.
4. Click on it and Put XSS payload (any) in “Description” field.
5. Save it & Click on Home.
6. Every time any user visit the website , the XSS payload will trigger.

Composr cms 10.0.34 banners persistent cross site scripting


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Composr cms 10.0.34 banners persistent cross site scripting Vulnerability / Exploit