sec👨‍💻fortress:~#

Defensive By Offensive!

CVE-2024-55341


Description: An authenticated remote attacker could inject malicious JavaScript code as Markdown content via the /manager/pages endpoint of Piranha CMS 11.1, which could then be executed in the web browser of a victim user.

Steps To Reproduce:

1. Log in via the manager endpoint: /manager/login
2. Navigate to the "Pages" content
3. Click "Add Page" > "Standard Page"
4. Set the page title to whatever you like
5. Click the [+] button and select "Markdown" under "Content"
6. Use the payload "<img src=x onerror=alert(document.cookie) />" to get cookies; you should get a pop-up
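
For defenders auditing an instance for content like the payload in step 6, the following added example (not code from this advisory or from Piranha CMS) scans Markdown block text for raw HTML that would run script if rendered unescaped. It goes slightly beyond the single payload above by also flagging active tags and javascript: URLs; the export format, SAMPLE_PAGES and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveHtmlFinder(HTMLParser):
    """Records raw-HTML constructs that would run script if rendered unescaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes entities
        # in values, so case and entity variations are normalised first.
        if tag in ACTIVE_TAGS:
            self.findings.append((tag, None, "active tag"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((tag, name, "inline event handler"))
            elif name in URL_ATTRS:
                # Browsers ignore whitespace/control chars inside the scheme.
                url = re.sub(r"[\x00-\x20]", "", value or "").lower()
                if url.startswith("javascript:"):
                    self.findings.append((tag, name, "javascript: URL"))


def scan_markdown(text):
    finder = ActiveHtmlFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def scan_pages(pages):
    """Return {title: findings} for pages whose Markdown needs review."""
    return {t: hits for t, body in pages.items() if (hits := scan_markdown(body))}


# Constructed sample export (hypothetical format): page title -> Markdown text.
SAMPLE_PAGES = {
    "Welcome": '# Welcome\n\n<img src="/uploads/logo.png" alt="logo">\n',
    "Test page": "Intro\n\n<img src=x onerror=alert(document.cookie) />\n",
}

if __name__ == "__main__":
    for title, hits in scan_pages(SAMPLE_PAGES).items():
        print(title, hits)
```

The scanner does not understand Markdown code spans or fences, so HTML quoted inside them is flagged too; treat hits as review candidates.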