XSS – Nhat Truong Blog

XSS Polyglots: Test multiple XSS scenarios with ONE payload.

Use the payload for testing multiple XSS scenarios 🙂 That’s all

[CVE-2021-25055] FeedWordPress < 2022.0123- Cross-Site Scripting (Authenticated)

# Referrer: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25055https://wpscan.com/vulnerability/7ed050a4-27eb-4ecb-9182-1d8fa1e71571# Version: 1.0# Tested on: Windows 10 + XAMPP v3.2.4POC:

[CVE-2021-28424] Teachers Record Management System 1.0 – ‘email’ Stored Cross-site Scripting (XSS) vulnerability (Authenticated)

# Exploit Author: nhattruong.blog# Referrer: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28424https://www.exploit-db.com/exploits/50019https://packetstormsecurity.com/files/163171/Teachers-Record-Management-System-1.0-Cross-Site-Scripting.html# Version: 1.0# Tested on: Windows 10 + XAMPP v3.2.4POC: Go to url http://localhost/admin/index.php Do login Execute the payload Reload page to see the different The entry point in ’email’ POST parameter in admin/adminprofile.php Payload: