CVE-2021-45843: CVE-nu11secur1ty/vendors/glfusion/XSS-Reflected at main · nu11secur1ty/CVE-nu11secur1ty
glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application’s response.
glfusion: XSS-Reflected vulnerability
CVE-2021-45843
Vendor
Description:
glFusion CMS v1.7.9 is affected by a reflected XSS vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eklaq" accesskey=x onclick=alert(1)//pjq5jrwco4o was submitted in the title parameter. This input was echoed unmodified in the application’s response. An example attack: the attacker sends the victim a simple lure by email to visit the vulnerable website, using their website for this lure.
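The attribute breakout described above can be turned into a regression check. This is an added example, not code from glFusion or from the advisory's author. The `<input>` template shape and all function names are assumptions, since the page only states that the value lands in a double-quoted attribute.

```python
from html import escape
from html.parser import HTMLParser

# Payload quoted in the advisory text.
PAYLOAD = 'eklaq" accesskey=x onclick=alert(1)//pjq5jrwco4o'
# Attributes the (assumed) template is supposed to emit.
EXPECTED = ("type", "name", "value")


def render_vulnerable(title: str) -> str:
    """Echo the parameter unmodified into a double-quoted attribute."""
    return '<input type="text" name="title" value="' + title + '">'


def render_escaped(title: str) -> str:
    """Same template; quote=True encodes the double quote as &quot;
    so the value cannot terminate the attribute."""
    return ('<input type="text" name="title" value="'
            + escape(title, quote=True) + '">')


class _AttrCollector(HTMLParser):
    """Records the attributes of every start tag, as a parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_attributes(markup: str) -> dict:
    """Return the attribute dict of the first tag in the markup."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags[0][1]


def injected_attributes(markup: str) -> list:
    """Attribute names present on the tag that the template never emits."""
    return sorted(set(parsed_attributes(markup)) - set(EXPECTED))


if __name__ == "__main__":
    print("vulnerable:", injected_attributes(render_vulnerable(PAYLOAD)))
    print("escaped:   ", injected_attributes(render_escaped(PAYLOAD)))
```

Asserting that `injected_attributes` returns an empty list for every reflected parameter catches this class of bug whatever the payload string is.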
Proof and exploit: