Skip to content

Latest commit

 

History

History
25 lines (17 loc) · 1.04 KB

FUEL CMS Reflected Cross-Site Scripting (XSS).md

File metadata and controls

25 lines (17 loc) · 1.04 KB

FUEL CMS Reflected Cross-Site Scripting (XSS)

Exploit Title:A reflected Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS

Exploit Author:Lina Li

Version:1.5.2

Tested on:Ubuntu+kali linux

CVE:CVE-2024-25369

Description:

FUEL-CMS-1.5.2 exists a reflected Cross-Site Scripting(XSS) vulnerability Reflected Cross-Site Scripting(XSS) in Navigation. On the Navigation page, it has been identified that attackers are capable of executing XSS injections using some payloads.

Proof of Concept:

  1. After logging in, searching on the Navigation page.

image

  1. A payload can be inserted after the “group_id” parameter, for example: payload -> "onmouseover="alert('xss')".

  2. When the attacker moves the mouse over the Create button, it triggers an XSS attack.

2024-02-14 152654