Description: Pixelimity CMS is prone to a Persistent Cross-Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site.
Affected software: Pixelimity CMS
Type of vulnerability: XSS (Stored XSS)
Discovered by: BreachLock
Website: https://www.breachlock.com
Author: Subodh Kumar
Vulnerable URL:
http://127.0.0.39/pixelimity/admin/portfolio.php
Vulnerable parameter:
Title
Proof of concept:
Login as admin.
Locate URL - http://127.0.0.39/pixelimity/admin/portfolio.php and click on "Add New"
Put XSS payload in the "data[title]" parameter "></textarea><svg/onload=alert("XSS_By_Breachlock")> and click on "publish Portfolio."

Visit the link - http://127.0.0.39/pixelimity/ to execute the payload.
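The fix for this class of bug is to encode the title at output time, wherever it is rendered into HTML. The following PHP is an added example, not Pixelimity's code: the function names and the surrounding markup are assumptions, and only the payload string comes from the report.

```php
<?php
// Added illustration, not Pixelimity source code. The function names and the
// markup below are hypothetical; only the payload string is from the report.

// Title value as submitted in the "data[title]" parameter in the report.
$title = '"></textarea><svg/onload=alert("XSS_By_Breachlock")>';

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so "> ends the attribute value and </textarea> ends the element, leaving
// the rest of the string to be parsed as markup.
function render_title_unsafe(string $title): string
{
    return '<input type="text" name="data[title]" value="' . $title . '">'
         . '<textarea name="data[description]">' . $title . '</textarea>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES encodes both " and ', which attribute values require;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_title_safe(string $title): string
{
    return '<input type="text" name="data[title]" value="' . e($title) . '">'
         . '<textarea name="data[description]">' . e($title) . '</textarea>';
}

$unsafe = render_title_unsafe($title);
$safe   = render_title_safe($title);

// Regression checks a test suite could keep for this field.
$encoded = '&lt;svg/onload=alert(&quot;XSS_By_Breachlock&quot;)&gt;';
$checks = [
    'unsafe output contains the raw tag'   => strpos($unsafe, '<svg/onload=') !== false,
    'safe output contains no raw tag'      => strpos($safe, '<svg') === false,
    'safe output shows the title as text'  => strpos($safe, $encoded) !== false,
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'PASS' : 'FAIL'), ': ', $label, PHP_EOL;
}
echo $safe, PHP_EOL;
```

Encoding belongs on every page that prints the title, including the public front page where the report says the payload executes, not only on the admin form.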
