Share
## https://sploitus.com/exploit?id=PACKETSTORM:218892
==================================================================================================================================
    | # Title     : CMS sense v 2.0 HTML Injection Leading to XSS  via Attribute Breakout                                           |
    | # Author    : indoushka                                                                                                        |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.4 (64 bits)                                                 |
    | # Vendor    : https://senseconseil.com/en/                                                                                     |
    ==================================================================================================================================
    
    [+] Summary    : A vulnerability has been identified in a content management script due to improper input sanitization. An attacker can inject 
                     malicious HTML payloads such as "><b>test</b> to break out of HTML attributes and manipulate the DOM structure. 
    				 This issue can be escalated into Cross-Site Scripting (XSS), allowing execution of arbitrary JavaScript in the victim’s browser. 
                     Successful exploitation may lead to session hijacking, cookie theft, and unauthorized actions performed on behalf of the user.
    
    [+] POC   :  in search box https://127.0.0.1/fr/recherche
    
    
    An attacker can break the context of HTML attributes using a simple payload like: "><b>test</b>
    
    This results in the insertion of unauthorized HTML elements into the page and can later be developed into a JavaScript execution.
    
    [+] Technical Details :
    
    The application displays user input within an HTML element without any filtering: <input value="USER_INPUT">
    
    When the following is entered: "><b>test</b>
    
    It is interpreted as follows: <input value=""><b>test</b>">
    
    [+] Context broken and a new HTML element injected
    
    [+] Proof of Concept Payload:"><script>alert(document.cookie)</script>
    
    [+] Steps to Reproduce
    
    Go to any input field within the script (form/URL parameter)
    
    Enter the following payload: "><script>alert(1)</script>
    
    [+] Send the request
    
    The JavaScript will be executed in the browser
    
    Greetings to :==============================================================================
    jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|
    ============================================================================================