CVE-nu11secur1ty/vendors/oretnom23/2022/Cosmetics-and-Beauty-Product-Online-Store/
Cosmetics-and-Beauty-Product-Online-Store

Vendor

Description:

The search parameter of the /cbpos/ application in Cosmetics and Beauty Product Online Store v1.0 is reflected into the response without HTML encoding, so it is vulnerable to reflected cross-site scripting (XSS). An attacker who gets a user to open a crafted link can inject arbitrary HTML and script that runs in the victim's browser in the context of the site, which exposes session cookies and anything else the page makes available to script. The payloads below demonstrate link and image injection; none of them shows code execution on the server, so the "RCE" wording used for the third payload should be read as link injection pointing at a file hosted on the target, not as remote code execution.

Status: CRITICAL

[+] Payloads (each is supplied as the value of the search parameter):

  • Link injection:
<a href="https://www.malicious_site.com/">Please visit our beauty store!</a>
  • Image-link injection:
<a href="https://www.nu11secur1ty.com/"><img src=https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif">
  • Link to a file under the target's own uploads directory (labelled "RCE example" in the original; it is an anchor to /cbpos/uploads/ and does not by itself execute anything on the server):
<a href="http://192.168.1.8/cbpos/uploads/product_4/banner.3.jpg"><img src=https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif">
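
The following is an added example, not code from the advisory or from the vendor's application. It models the behaviour the advisory describes with two hypothetical renderers (the real page is PHP and its file name is not given here, so the endpoint path in poc_url is an assumption): one that concatenates the search parameter into the HTML as-is, and one that HTML-encodes it first, the equivalent of wrapping the echoed value in htmlspecialchars($search, ENT_QUOTES, 'UTF-8'). The audit function runs the advisory's payloads through both and reports which ones come back unescaped, and poc_url builds the crafted link a victim would be sent.

```python
import html
from urllib.parse import urlencode

# Constructed test input: the two HTML-injection payloads from the advisory.
PAYLOADS = [
    '<a href="https://www.malicious_site.com/">Please visit our beauty store!</a>',
    '<a href="https://www.nu11secur1ty.com/"><img src=https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif">',
]


def vulnerable_render(search: str) -> str:
    """Hypothetical stand-in for the /cbpos/ search page as the advisory
    describes it: the search parameter is concatenated into the response
    body without encoding, so tags inside it are parsed as markup."""
    return f"<h3>Search results for: {search}</h3>"


def hardened_render(search: str) -> str:
    """The same page with the reflected value HTML-encoded before output.
    html.escape(..., quote=True) does what PHP's
    htmlspecialchars($search, ENT_QUOTES, 'UTF-8') does."""
    return f"<h3>Search results for: {html.escape(search, quote=True)}</h3>"


def reflected_unescaped(body: str, payload: str) -> bool:
    """True when the payload appears verbatim in the response: the browser
    will then parse it as elements instead of displaying it as text."""
    return payload in body


def audit(render, payloads=PAYLOADS) -> dict:
    """Run every payload through a renderer; True means it came back raw."""
    return {p: reflected_unescaped(render(p), p) for p in payloads}


def poc_url(base: str, payload: str) -> str:
    """Build the link a victim would be sent. The endpoint path is an
    assumption: the advisory only names the /cbpos/ app and the
    'search' parameter, so the payload is attached to the app root."""
    return base.rstrip("/") + "/?" + urlencode({"search": payload})


if __name__ == "__main__":
    for name, render in (("vulnerable", vulnerable_render),
                         ("hardened", hardened_render)):
        for payload, raw in audit(render).items():
            print(f"{name:10s} reflected unescaped={raw}: {payload[:40]}...")
    print(poc_url("http://192.168.1.8/cbpos/", PAYLOADS[0]))
```

Running it shows both payloads reflected verbatim by the vulnerable renderer and neutralised by the hardened one, where `<a href="` becomes `&lt;a href=&quot;` and is displayed as literal text. Encoding at the point of output is the fix for this class of bug; a deny-list of tags in the search parameter is not, because attribute-based and event-handler vectors bypass it.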

Reproduce:

href

More info:

href