News247 News Magazine 1.0 Cross Site Scripting ≈ Packet Storm

News247 News Magazine 1.0 Cross Site Scripting ≈ Packet Storm

Home[1] Files[2] News[3] &[SERVICES_TAB] Contact[4] Add New[5]

News247 News Magazine 1.0 Cross Site Scripting[6]
Authored by Ravinder Verma[7]

News247 News Magazine version 1.0 suffers from a persistent cross site scripting vulnerability.

advisories | CVE-2021-41731[8]
SHA-256 | 0ea0c812171a55c5cffd9cd5752f28312a1e018fc62d7680951d7ba32234f7be

Change Mirror[12] Download[13]

        # Exploit Title: News247 - News Magazine (CMS) v1.0 – Stored Cross Site Scripting (XSS) 
# Exploit Author: Ravinder Verma
# Date: Septmeber 14, 2022
# Vendor Homepage:
# Software Link:
# Tested on: Kali Linux, Apache, Mysql
# Vendor: 255programmer
# Version: v1.0
# CVE [Reserved] : CVE-2021-41731
# Exploit Description:
# News247 - News Magazine (CMS) v1.0 suffers from a stored cross site
scripting (XSS) Vulnerability. Admin can publish blogs under various
categories. When creating new "blog category", if admin give malicious
payload like *""><img src=x onerror=alert(document.cookie)>* into the
category name field and publish that blog. Then it allows you to execute
arbitrary JavaScript in the context of the whole user who visited that
page. It can be abused to steal session cookies, perform requests in the
name of the victim or for phishing attacks.

Login[14] or Register[15] to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa

File Tags

File Archives


packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.


"No secure path in the world"