Posted by Andrey Stoykov on Aug 01

# Exploit Title:
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 3.2
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com

XSS #1:

File: roles.edit.post.php

Line #57:

[…]
<div class=”field-wrap <?php echo $Form->error(‘roleTitle’, false);?>”>
<?php echo $Form->label(‘roleTitle’, ‘Title’); ?>
<div class=”form-entry”>…

Read More