xsspresso

XSS

3 writeups tagged with XSS

Web · Medium · Linux

HTB — Cat

Apache mod_rewrite CVE-2024-38472 XSS in redirect. Stored XSS steals admin cookie for Gitea access. SQLite injection and Gitea hook RCE for root.

#XSS #CVE-2024-38472 #Gitea
Feb 1, 2025 · HackTheBox

Web · Easy · Linux

HTB — Sea

WonderCMS CVE-2023-41425 XSS to RCE via theme upload. Credential reuse for lateral movement. Port-forwarded internal tool for command injection privesc.

#WonderCMS #XSS #RCE
Jan 14, 2025 · HackTheBox

Web · Easy · Linux

HTB — Alert

Markdown XSS for stored cross-site scripting. SSRF via file:// to leak local web app source code, exposed internal site with writable path for root.

#XSS #SSRF #Markdown
Jan 10, 2025 · HackTheBox