d85f0c8d35
20 changes to exploits/shellcodes KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated) BRAdmin Professional 3.75 - 'BRA_Scheduler' Unquoted Service Path Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path SOYAL 701 Server 9.0.1 - Insecure Permissions SOYAL 701 Client 9.0.1 - Insecure Permissions KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access Plone CMS 5.2.3 - 'Title' Stored XSS LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS Boonex Dolphin 7.4.2 - 'width' Stored XSS Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated) VestaCP 0.9.8 - 'v_sftp_licence' Command Injection SOYAL Biometric Access Control System 5.0 - Master Code Disclosure SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated) KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated) Online News Portal 1.0 - 'name' SQL Injection Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting
16 lines
No EOL
581 B
Text
16 lines
No EOL
581 B
Text
# Exploit Title: Plone CMS 5.2.3 - 'Title' Stored XSS
|
|
# Date: 18-03-2021
|
|
# Exploit Author: Piyush Patil
|
|
# Vendor Homepage: https://plone.com/
|
|
# Software Link: https://github.com/plone/Products.CMFPlone/tags
|
|
# Version: 5.2.3
|
|
# Tested on: Windows 10
|
|
|
|
|
|
# Reference - https://github.com/plone/Products.CMFPlone/issues/3255
|
|
|
|
Steps to reproduce the issue:
|
|
1- Goto https://localhost/ where Plone 5.2.3 version is installed.
|
|
2- Click on "Log in now" and Login as "Manager"
|
|
3- Navigate to Manager=>Site Setup=>Site
|
|
4- Edit "Site title" field to "xyz<ScRiPt>alert(1)</ScRiPt>" |