@damodarnaik
Created October 17, 2023 16:45
CVE-2022-47372


# Vulnerability Title: Stored Cross Site Scripting - Create Event Module
# Vendor Homepage: https://pandorafms.com/en/
# Version: <= v765
# CVE: CVE-2022-47372
# CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (5.4 Medium)
# Exploit Author: Damodar Naik
# Date: 02/14/2023

Steps to reproduce:

  1. Create a new event as an attacker.
  2. Add an XSS payload in the free search field and create the event.
  3. Browse the Event filter module as an admin, and click on the event that was created.
  4. The XSS payload will be executed.
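
The defensive side of the flow above, as an added example that is not part of the original advisory and is not Pandora FMS code: it HTML-encodes the stored value when it is rendered for the admin, and audits already-stored events for script-capable markup, since stored payloads persist after the rendering code is fixed. The field name `free_search`, the row layout and the sample rows are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample rows standing in for stored events. The field name
# "free_search" is hypothetical and is not Pandora FMS's real schema.
SAMPLE_EVENTS = [
    {"id": 1, "owner": "operator1", "free_search": "disk usage > 90%"},
    {"id": 2, "owner": "lowpriv", "free_search": '<img src=x onerror="alert(1)">'},
    {"id": 3, "owner": "lowpriv", "free_search": "<b>agent & module</b>"},
]

# Markers of script-capable markup in a value that should be plain text.
ACTIVE_MARKUP = re.compile(
    r"<\s*(script|img|svg|iframe|object|embed|body|a)\b"  # common carrier tags
    r"|\bon[a-z]+\s*="                                     # inline event handlers
    r"|javascript\s*:",                                    # javascript: URLs
    re.IGNORECASE,
)


def render_event_row(event):
    """Hardened rendering: HTML-encode the stored value at output time."""
    text = html.escape(event["free_search"], quote=True)
    return f'<td class="event-filter">{text}</td>'


def audit_stored_events(events):
    """Return ids of stored events whose text field carries active markup."""
    return [e["id"] for e in events if ACTIVE_MARKUP.search(e["free_search"])]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["id"], render_event_row(ev))
    print("events to review:", audit_stored_events(SAMPLE_EVENTS))
```

Encoding at output time is the actual fix; the audit is a triage aid for records created before the fix, and its pattern list is not exhaustive.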