Exploits / Vulnerability Discovered: 2020-12-04
Type: webapps
Platform: php
This exploit / vulnerability, Savsoft Quiz 5 field_title stored cross-site scripting, is for educational purposes only; if you use it, you do so at your own risk!
Attack vector:
This vulnerability allows an attacker to inject an XSS payload in the admin
panel's Custom Field section, injecting malicious JavaScript code and stealing
users' cookies.
Vulnerable Parameters: title
Steps to reproduce:
1. Go to the admin panel's add custom fields page.
2. Enter <script>alert("HELLO XSS")</script> as the payload in the Title field.
3. Click Save; the payload gets executed.
4. All users can see our payload as XSS.
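
Why the stored title executes, and the output-encoding fix, shown as an added example that is not Savsoft Quiz source code or part of the original advisory. The function names and the allow-list pattern are hypothetical; the sample string is the payload from step 2.

```php
<?php
// Added illustration; not Savsoft Quiz source code. Function names are hypothetical.

// Constructed sample: the title value from step 2, as it would sit in storage.
$storedTitle = '<script>alert("HELLO XSS")</script>';

// Vulnerable pattern: the stored value is written into HTML unchanged,
// so the browser parses it as markup and runs the script for every viewer.
function render_title_unsafe(string $title): string
{
    return '<td>' . $title . '</td>';
}

// Hardened pattern: encode on output for the HTML text context, so the
// angle brackets and quotes are displayed as characters, not parsed as tags.
function render_title_safe(string $title): string
{
    return '<td>' . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Input-side check for the admin save handler (defence in depth, not a
// replacement for output encoding). The allow-list itself is an assumption:
// letters, digits, space, underscore, dot and hyphen, 1 to 100 characters.
function validate_title(string $title): bool
{
    return preg_match('/^[\p{L}\p{N} _.\-]{1,100}$/u', $title) === 1;
}

// Render the same stored value both ways to compare the resulting HTML.
echo render_title_unsafe($storedTitle), PHP_EOL;
echo render_title_safe($storedTitle), PHP_EOL;

// The payload fails the allow-list; an ordinary field name passes.
var_dump(validate_title($storedTitle));
var_dump(validate_title('Department'));
```

Encoding has to happen at every place the custom field title is printed, since the value is stored once and rendered to all users.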