Advertisement






Worksuite CMS - Multiple XSS

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023030024

Below is a copy:

Worksuite CMS - Multiple XSS
# Title: Worksuite CMS - Multiple XSS
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://worksuite.biz
# Demo available : https://demo.worksuite.biz
# CVE: N/A

# XSS

Used Payload : </script><svg onload=alert(1234)>

Demo : 
Admin : [email protected] 123456

Method :
Connect to panel,
Go to : 
Select or create one user : Entry random information in all category and paste to description the payload : </script><svg onload=alert(1234)>
Re-select your created users and look the payload loaded

Affected page : 
../account/leads
../account/clients
../account/employees
../account/leaves

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.