Micro CMS Persistent Cross-Site Scripting Vulnerability

  • Post author:
  • Reading time:1 mins read

Folks,
SecPod Research Team member (Veerendra G.G) found persistent XSS flaw in Micro CMS, which can be used to gain sensitive information and launch further attacks. The flaw lies in name parameters while the web Application processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to inject arbitrary HTML codes and steal cookies and so on. Sometimes the POC/Exploit will disable adding comments for that specific post.

More information on the flaws can be found here.