CVE-2018-7465
MEDIUM
VirtueMart < 3.2.14 - Stored Cross-Site Scripting via Backend Textarea Closure
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-7465. PoCs published by Mattia Furlani.
AI-analyzed exploit summary: This is a writeup describing a persistent XSS vulnerability in VirtueMart before 3.2.14. The exploit involves injecting a closing textarea tag followed by a script tag into a textarea field, which executes when the field is edited again.
Description
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. When the product/config is opened for editing again, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
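The root cause described above, shown as an added PHP example that is not VirtueMart's code: a stored value written into a textarea unescaped, next to the same value passed through htmlspecialchars, with a check for whether the value can terminate the element. The helper names and sample values are constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from VirtueMart.

/** Vulnerable pattern: the stored value is written into the element as-is. */
function render_textarea_unescaped(string $name, string $value): string
{
    return '<textarea name="' . $name . '">' . $value . '</textarea>';
}

/** Hardened pattern: encode on output so the value stays text inside the element. */
function render_textarea_escaped(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<textarea name="' . htmlspecialchars($name, $flags, 'UTF-8') . '">'
         . htmlspecialchars($value, $flags, 'UTF-8')
         . '</textarea>';
}

/**
 * True when the rendered field contains exactly one closing tag (our own).
 * HTML tag names are case-insensitive, so compare in lower case.
 */
function textarea_stays_closed(string $html): bool
{
    return substr_count(strtolower($html), '</textarea') === 1;
}

// Constructed sample values: a normal description and two that close the field.
$samples = [
    'plain'      => 'Blue cotton shirt, sizes S-XL',
    'closure'    => 'Blue shirt</textarea><b>markup outside the field</b>',
    'mixed case' => 'x</TextArea >y',
];

foreach ($samples as $label => $value) {
    printf(
        "%-10s unescaped=%-6s escaped=%s\n",
        $label,
        textarea_stays_closed(render_textarea_unescaped('desc', $value)) ? 'ok' : 'BROKEN',
        textarea_stays_closed(render_textarea_escaped('desc', $value)) ? 'ok' : 'BROKEN'
    );
}
```

The same check can be run against rendered backend forms in a regression test to confirm that no stored field value ends its own textarea.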
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N