Chevereto 3.17.1 - Stored Cross Site Scripting (XSS)

CVE: CVE-2021-30004
Category: CWE-79
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2021-05-23
CPE: cpe:/a:chevereto:chevereto:3.17.1
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021050129

Below is a copy:

Chevereto 3.17.1 - Stored Cross Site Scripting (XSS)
|===========================================================================
| # Exploit Title : Chevereto 3.17.1 - Stored Cross Site Scripting (XSS)
|                                                                           
| # Author : Ali Seddigh                                              
|                                                                           
| # Category : Web Application               
|
| # Vendor Homepage: https://chevereto.com/
|
| # Software Link: https://chevereto.com/releases
|                                                                           
| # Tested on : [ Windows ~> 10 ]                                                     
|
| # Version : 3.17.1
|                  
| # Date : 2021-05-23                                                        
|===========================================================================
|
| # Proof of Concept (POC):
|
| 1. Press the Upload image button and upload any image.
| 2. After uploading the image, press the pencil icon on the top right of the image and write "><svg/onload=alert(1)> instead of the title.
| 3. Upload the picture and go to the picture address.
|
|===========================================================================
| # Discovered By : Ali Triplex                                             
|===========================================================================
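
The following is an added example, not part of the original advisory and not Chevereto's own code: the unencoded rendering pattern that a title like the one in the PoC relies on, beside the output-encoded form, plus a check for titles already stored. The function names, the sample rows, and the assumption that the title is echoed into an HTML attribute and a heading are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not Chevereto functions.

/** Vulnerable pattern: the stored title is concatenated into an attribute as-is. */
function render_title_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

/** Encode for HTML at output time; ENT_QUOTES covers both quote styles. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: the same value encoded for attribute and element context. */
function render_title_safe(string $title): string
{
    $t = esc_html($title);
    return '<input type="text" name="title" value="' . $t . '"><h1>' . $t . '</h1>';
}

/** Audit helper: return ids of stored titles containing markup-significant characters. */
function find_suspect_titles(array $titlesById): array
{
    return array_keys(array_filter(
        $titlesById,
        static fn(string $t): bool => preg_match('/[<>"\']/', $t) === 1
    ));
}

// Constructed sample rows (id => title); row 102 is the title string from the PoC above.
$stored = [
    101 => 'Holiday photo',
    102 => '"><svg/onload=alert(1)>',
    103 => 'Tom & Jerry',
];

foreach ($stored as $id => $title) {
    echo $id, ' unsafe: ', render_title_unsafe($title), PHP_EOL;
    echo $id, ' safe:   ', render_title_safe($title), PHP_EOL;
}
echo 'titles to review: ', implode(', ', find_suspect_titles($stored)), PHP_EOL;
```

Encoding at output time also neutralizes titles that were stored before a fix was deployed, while the audit helper identifies those rows so they can be reviewed or cleaned.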
