# Exploit Title: SofaWiki 3.9.2 - Reflected XSS (Authenticated) via Regex Replace Preview # Date: 10/17/2024 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://www.sofawiki.com # Software Link: https://www.sofawiki.com/site/files/snapshot.zip # Version: 3.9.2 # Tested on: Windows XP *Summary:* A *reflected XSS* vulnerability exists in the *Regex Replace Preview* feature of SofaWiki. When a malicious payload is injected into the *Replace* field, the payload is executed immediately in the user’s browser during the preview. Proof of Concept (PoC): 1. Login to SofaWiki. 2. Go to Special => Regex : http://localhost/sofawiki/index.php?action=view&name=special:regex&lang=en 3. In the Regex field, enter any text (e.g., test). 4. In the Replace field, inject the following payload: <script>alert('XSS');</script> 5. Click Replace Preview to trigger the XSS.