Stored XSS via Send Message Functionality - dolphin.prov7.4.2

Read Time:24 Second

Posted by Andrey Stoykov on Mar 24

# Exploit Title: Stored XSS via Send Message Functionality –
dolphin.prov7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Date: 03/2025
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-20-stored-xss.html

Stored XSS via Send Message Functionality:

Steps to Reproduce:

1. Login and visit “http://192.168.58.170/dolphinCMS/mail.php?mode=compose"
2. Add…

containernetworking-plugins-1.5.1-2.fc40

FEDORA-2025-f87fe38331 Packages in this update: containernetworking-plugins-1.5.1-2.fc40 Update description: Resolve FTBFS and rhbz#2351926 Read More

March 29, 2025

matrix-synapse-1.111.1-4.fc40

FEDORA-2025-cef83410f7 Packages in this update: matrix-synapse-1.111.1-4.fc40 Update description: Backport fixes from v1.127.1 Read More

March 29, 2025

matrix-synapse-1.118.0-4.fc41

FEDORA-2025-cddcfd6518 Packages in this update: matrix-synapse-1.118.0-4.fc41 Update description: Backport fixes from v1.127.1 Read More

March 29, 2025

matrix-synapse-1.127.1-1.fc42

FEDORA-2025-63751ef564 Packages in this update: matrix-synapse-1.127.1-1.fc42 Update description: Update to v1.127.1 (CVE-2025-30355) Read More

March 29, 2025

cri-tools1.29-1.29.0-11.fc41

FEDORA-2025-37c6639afe Packages in this update: cri-tools1.29-1.29.0-11.fc41 Update description: Resolve FTBFS Resolves: rhbz#2352149 Adopt trivy for license detection to be consistent...

March 29, 2025

cri-tools1.29-1.29.0-11.fc42

FEDORA-2025-adae8279e3 Packages in this update: cri-tools1.29-1.29.0-11.fc42 Update description: Resolve FTBFS Resolves: rhbz#2352149 Adopt trivy for license detection to be consistent...

March 29, 2025

Friday Squid Blogging: Squid Werewolf Hacking Group

Solar Power System Vulnerabilities Could Result in Blackouts

Nine in Ten Healthcare Organizations Use the Most Vulnerable IoT Devices

VanHelsing ransomware: what you need to know

Trump CISA Cuts Threaten US Election Integrity, Experts Warn

Morphing Meerkat PhaaS Platform Spoofs 100+ Brands

AIs as Trusted Third Parties

CoffeeLoader Malware Loader Linked to SmokeLoader Operations

When Getting Phished Puts You in Mortal Danger

Stored XSS via Send Message Functionality – dolphin.prov7.4.2

containernetworking-plugins-1.5.1-2.fc40

matrix-synapse-1.111.1-4.fc40

matrix-synapse-1.118.0-4.fc41

matrix-synapse-1.127.1-1.fc42

cri-tools1.29-1.29.0-11.fc41

cri-tools1.29-1.29.0-11.fc42