发布于3月5日3月5日 Members # Exploit Title: Academy-LMS 4.3 - Stored XSS # Date: 19/12/2020 # Vendor page: https://academy-lms.com/ # Version: 4.3 # Tested on Win10 and Google Chrome # Exploit Author: Vinicius Alves # XSS Payload: </script><svg onload=alert();> 1) Access LMS and log in to admin panel 2) Access courses page 3) Open course manager and SEO menu 4) Paste the XSS Payload tag and Submit 5) Access the course page on frontend 6) Trigged!
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。