Share
# Title: Getsup 3.1.46 (Version 3.1 patch 46) > All vers affected
# Author: @Eawhitehat - Eren Arslan
# Vendor: https://gestsup.fr/
# Demo available : https://demo.gestsup.fr/ (User: admin Password: admin)
# Software Link: https://gestsup.fr/index.php?page=download
# CVE: N/A
 
# Screenshot :
- https://prnt.sc/pv00lo
- https://prnt.sc/pv00op
 
# XSS on calendar - Getsup ticketing
 
Connect to panel Getsup,
Go to calendar -> create a new evenement -> input your payload xss -> Double click for execute a payload

"><script>alert(/xss-by-eawhitehat/)</script>

Please add htmlspecialchars or htmlentities....

#  0day.today [2019-12-04]  #