Exploit for News247 News Magazine 1.0 Cross Site Scripting CVE-2021-41731

## https://sploitus.com/exploit?id=PACKETSTORM:168384
# Exploit Title: News247 - News Magazine (CMS) v1.0 – Stored Cross Site Scripting (XSS)   
# Exploit Author: Ravinder Verma   
# Date: Septmeber 14, 2022   
# Vendor Homepage: https://www.sourcecodester.com/php/14952/news247-news-magazine-php-script.html   
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/news247.zip   
# Tested on: Kali Linux, Apache, Mysql   
# Vendor: 255programmer   
# Version: v1.0   
# CVE [Reserved] : CVE-2021-41731   
# Exploit Description:  
  
# News247 - News Magazine (CMS) v1.0 suffers from a stored cross site  
scripting (XSS) Vulnerability. Admin can publish blogs under various  
categories. When creating new "blog category", if admin give malicious  
payload like *""><img src=x onerror=alert(document.cookie)>* into the  
category name field and publish that blog. Then it allows you to execute  
arbitrary JavaScript in the context of the whole user who visited that  
page. It can be abused to steal session cookies, perform requests in the  
name of the victim or for phishing attacks.