Abhishek Joshi - Security Researcher - Exploit Intelligence Platform

CVE-2021-47860 WRITEUP MEDIUM WORKING POC

GetSimple CMS Custom JS Plugin 0.1 - CSRF leading to XSS and RCE

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.

CVSS 5.3

View Code

CVE-2021-47860 EXPLOITDB MEDIUM python WORKING POC

GetSimple CMS Custom JS Plugin 0.1 - CSRF leading to XSS and RCE

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.

CVSS 5.3

View Code

CVE-2021-47860 EXPLOITDB MEDIUM html WORKING POC

GetSimple CMS Custom JS Plugin 0.1 - CSRF leading to XSS and RCE

GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.

CVSS 5.3

View Code