Exploits / Vulnerability Discovered : 2019-05-03 | Type : webapps | Platform : multiple
This exploit / vulnerability, Zotonic < 0.47.0 mod_admin cross-site scripting, is for educational purposes only; if you use it, you do so at your own risk!
Zotonic versions prior to 0.47 have multiple authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in the management module. The vulnerabilities can be exploited when an authenticated user with administrative permissions visits the crafted URL (i.e. when phished or when visiting a website containing the URL). The XSS affects the following URLs and parameters of the management module:
- /admin/overview/ [qcat, qcustompivot, qs]
- /admin/users/ [qs]
- /admin/media/ [qcat, qcustompivot, qs]
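
For defenders reviewing web server logs on a pre-0.47 installation, the following added example (not part of the original advisory and not Zotonic code) flags requests to the listed admin URLs whose affected parameters carry HTML markup characters. It assumes access logs in combined log format; the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Paths and parameters listed in the advisory above.
AFFECTED = {
    "/admin/overview": {"qcat", "qcustompivot", "qs"},
    "/admin/users": {"qs"},
    "/admin/media": {"qcat", "qcustompivot", "qs"},
}
# Characters that let a reflected value break out of HTML text or an attribute.
# Quotes can appear in legitimate searches, so treat hits as leads to review.
MARKUP = re.compile(r"[<>\"'`]")
# Assumption: combined log format, request field like "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 - admin [03/May/2019:10:00:00 +0000] "GET /admin/overview/?qs=news HTTP/1.1" 200 5120',
    '203.0.113.5 - admin [03/May/2019:10:00:07 +0000] "GET /admin/users/?qs=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 4801',
    '203.0.113.5 - admin [03/May/2019:10:00:09 +0000] "GET /admin/media/?qcat=%253Ci%253E&qs=a HTTP/1.1" 200 4990',
    '203.0.113.9 - - [03/May/2019:10:01:00 +0000] "GET /search?qs=%3Cb%3E HTTP/1.1" 200 900',
]

def suspicious_params(target):
    """Return (param, decoded_value) pairs on affected admin URLs that contain markup."""
    parts = urlsplit(target)
    params = AFFECTED.get(parts.path.rstrip("/"), set())
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode a second time to catch double encoding
        decoded = unquote(value)
        if name in params and MARKUP.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return (line_number, hits) for every log line with a suspicious admin request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```
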