AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/166649/AeroCMS-0.0.1-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
| https://drive.google.com/file/d/1GxOyX1JkG0trfdaCLfe06TR6WLIGoUXE/view?usp=sharing | Exploit, Third Party Advisory |
| https://github.com/D4rkP0w4r/AeroCMS-Comment-Stored_XSS-Poc | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-08T08:23:35
Updated: 2022-04-08T17:06:23
Reserved: 2022-03-14T00:00:00
Link: CVE-2022-27063
NVD Information
Status: Analyzed
Published: 2022-04-08T09:15:11.580
Modified: 2022-04-13T20:50:24.707
Link: CVE-2022-27063
Red Hat Information
No data.
CWE