Exploit/Advisories no image

Published on May 3rd, 2024 📆 | 6025 Views ⚑

0

SOPlanning 1.52.00 Cross Site Scripting – Torchsec


Convert Text to Speech

Exploit Title: SOPlanning v1.52.00 'groupe_save.php' XSS (Reflected XSS)
Application: SOPlanning
Version: 1.52.00
Date: 4/22/24
Exploit Author: Joseph McPeters (Liquidsky)
Vendor Homepage: https://www.soplanning.org/en/
Software Link: https://sourceforge.net/projects/soplanning/
Tested on: Linux
CVE: Not yet assigned

Description: SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform.

Example Payload:
">