Share
## https://sploitus.com/exploit?id=PACKETSTORM:165078
# Exploit Title: Bagisto 1.3.3 - Client-Side Template Injection  
# Date: 11-25-2021  
# Exploit Author: Mohamed Abdellatif Jaber  
# Vendor Homepage: https://bagisto.com/en/  
# Software Link: https://github.com/bagisto/bagisto  
# Version: v1.3.3  
# Tested on: [windows | chrome | firefox ]  
  
Exploit :.  
1- register an account and login your account  
2- go to your profile and edit name , address  
2- and put this payload {{constructor.constructor('alert(document.domain)')()}}  
3- admin or any one view order or your profile will execute arbitrary JS-code  
.  
  
rf:https://portswigger.net/kb/issues/00200308_client-side-template-injection