exploit-db-mirror/exploits/php/webapps/34624.txt
Offensive Security d304cc3d3e DB: 2017-11-24
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00


# Affected software: OroCRM is an easy-to-use, open source CRM with built-in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing!
# Discovered by: Provensec
# Website: http://www.provensec.com
# Author: Provensec Labs
# Type of vulnerability: Stored XSS
# Description:
1. Go to http://server and add a new lead. Fill in all the fields properly, but fill the email field with the XSS payload as shown in the screenshot:
http://prntscr.com/4lf043
Payload used: "><img src=d onerror=confirm(/provensec/);>
2. Click the Save and Close button
http://prntscr.com/4lf0ej
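
One way to close this class of bug on the lead email field, as an added example (not OroCRM's code and not part of the advisory): validate the value on input and HTML-encode it on output. The function names and the assumed sink, a quoted HTML attribute, are hypothetical.

```php
<?php
// Added example. Not OroCRM code; all function names are hypothetical.

// Payload string exactly as quoted in the advisory.
const ADVISORY_PAYLOAD = '"><img src=d onerror=confirm(/provensec/);>';

/** Input side: keep the lead's email only if it parses as an address. */
function normalizeLeadEmail(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Output side: encode for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    // ENT_QUOTES covers both " and ', so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Assumed sink: the stored email echoed back into a quoted attribute. */
function renderLeadEmailField(string $stored): string
{
    return '<input type="text" name="email" value="' . e($stored) . '">';
}

// Constructed inputs: the advisory payload, plus an address whose local
// part contains an apostrophe (a legal character in an email local part).
$samples = [ADVISORY_PAYLOAD, "o'brien@example.com"];

foreach ($samples as $raw) {
    $accepted = normalizeLeadEmail($raw);
    echo 'input:    ', $raw, PHP_EOL;
    echo 'accepted: ', var_export($accepted, true), PHP_EOL;
    // Encode on output even for values that passed validation: data already
    // stored before the fix, or written by another code path, reaches the
    // same template.
    echo 'rendered: ', renderLeadEmailField($raw), PHP_EOL, PHP_EOL;
}
```

Input validation narrows what reaches the database, but the output encoding is what stops the stored value from being parsed as markup, because characters that are legal in an address can still be significant in HTML.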