
There is stored XSS in version v2024.1000.4040 which can lead to stealing sensitive information of logged-in users #1183

Open
4everwl opened this issue Sep 10, 2024 · 0 comments

4everwl commented Sep 10, 2024

Software Link: https://github.com/magicblack/maccms10
Website: https://www.maccms.plus/
Vulnerable version v2024.1000.4040 download address: https://github.com/magicblack/maccms10/releases/tag/V2024.1000.4040
After the installation is complete, log in as admin and open the page

image-20240910204141059

Add a scheduled task.

image-20240910204248704

Here you can fill in malicious JavaScript code to cause stored XSS

image-20240910204314189

Causes stored XSS to steal sensitive information of logged-in users

The second malicious code pops up

image-20240910204322629

POC:

```html
<script>alert(document.cookie)</script>
<script>alert(1)</script>
```
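
The mitigation for the behaviour reported above is to HTML-encode stored scheduled-task fields when they are rendered, with input validation as a second layer. The PHP below is an added example, not maccms10 code and not from the issue author; the field names (`name`, `remark`), the row markup and the allow-list pattern are hypothetical.

```php
<?php
// Added example, not maccms10 code. The field names ('name', 'remark') and
// the table-row markup are hypothetical stand-ins for the scheduled-task form.

// Vulnerable pattern: the stored value is written into the page as-is.
function render_task_row_unsafe(array $task): string
{
    return '<tr><td>' . $task['name'] . '</td><td>' . $task['remark'] . '</td></tr>';
}

// Encode for the HTML context at output time, whatever the database holds.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_task_row_safe(array $task): string
{
    return '<tr><td>' . h($task['name']) . '</td><td>' . h($task['remark']) . '</td></tr>';
}

// Second layer: reject task names outside a conservative allow-list on save.
function is_valid_task_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_\-]{1,64}\z/', $name) === 1;
}

// Constructed sample rows using the two payloads from the report above.
$stored = [
    ['name' => '<script>alert(document.cookie)</script>', 'remark' => 'task 1'],
    ['name' => '<script>alert(1)</script>', 'remark' => 'task 2'],
    ['name' => 'collect_daily', 'remark' => 'benign task'],
];

foreach ($stored as $task) {
    $unsafe = render_task_row_unsafe($task);
    $safe   = render_task_row_safe($task);
    printf(
        "name accepted on save: %s\n  unsafe contains <script>: %s\n  safe output: %s\n\n",
        is_valid_task_name($task['name']) ? 'yes' : 'no',
        strpos($unsafe, '<script>') !== false ? 'yes' : 'no',
        $safe
    );
}
```

Marking the session cookie `HttpOnly` keeps `document.cookie` from exposing it to injected script, but it does not remove the injection itself, so output encoding is still required.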