Getsup 3.1.46 (Version 3.1 patch 46) > xss - CXSecurity.com

Vulnerability ID 1823613 Vulnerability type
Published 2019-11-15 Updated 2019-11-15
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019110098
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
# Title: Getsup 3.1.46 (Version 3.1 patch 46) > All versions affected
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://gestsup.fr/
# Demo available : https://demo.gestsup.fr/ (User: admin Password: admin)
# Software Link: https://gestsup.fr/index.php?page=download
# CVE: N/A
  
# Screenshot :
- https://prnt.sc/pv00lo
- https://prnt.sc/pv00op
  
# XSS on calendar - Getsup ticketing
  
Log in to the Getsup panel,
go to calendar -> create a new event -> input your XSS payload -> double-click to execute the payload
 
"><script>alert(/xss-by-eawhitehat/)</script>
 
Please add htmlspecialchars or htmlentities....
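
The recommended fix, shown as an added example (not GestSup source code and not part of the original advisory). It assumes the event title is echoed into a quoted HTML attribute, which is what the leading `">` in the payload suggests; the function names and the `title` field are hypothetical.

```php
<?php
// Added illustration: output encoding for a stored calendar event title.
// Hypothetical names throughout; the real GestSup code is not shown on the page.

// The string quoted in the advisory, used here as sample input.
$title = '"><script>alert(/xss-by-eawhitehat/)</script>';

// Unsafe pattern: the stored value is concatenated straight into the markup,
// so the leading "> closes the attribute and the tag.
function render_event_field_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Encode for HTML text and quoted-attribute contexts.
// ENT_QUOTES covers both quote styles; the explicit charset avoids
// depending on the default_charset ini setting.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: encode at output time, store the raw value unchanged.
function render_event_field_safe(string $title): string
{
    return '<input type="text" name="title" value="' . h($title) . '">';
}

$unsafe = render_event_field_unsafe($title);
$safe   = render_event_field_safe($title);

// Regression checks: the raw tag must survive only in the unsafe output.
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('unsafe renderer unexpectedly encoded its input');
}
if (strpos($safe, '<script>') !== false) {
    throw new RuntimeException('safe renderer let a raw <script> tag through');
}
if (strpos($safe, 'value="&quot;&gt;&lt;script&gt;') === false) {
    throw new RuntimeException('expected the quote and angle brackets to be entity-encoded');
}

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;
```

`htmlspecialchars` only fits HTML text and quoted-attribute contexts. If the calendar receives event data as JSON or inline JavaScript, encode it with `json_encode` using the `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` flags and have the client insert it as text rather than as HTML.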