The provided text describes a cross-site scripting (XSS) vulnerability in Jaow CMS 2.4.8, where an attacker can inject arbitrary script code via the 'add_ons' parameter in the 'add_ons.php' file. The vulnerability allows for the execution of malicious scripts in the context of the affected site, potentially leading to credential theft or other attacks.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:Jaow CMS 2.4.8
No auth needed
Prerequisites:Access to the vulnerable 'add_ons.php' endpoint