CVE-2018-15183: Myperfectresume / JobHero / Resume Clone Script 2.0.6 – Stored XSS Vulnerability via Full Name and Title

CVE-2018-15183 – I am Vikas Chaudhary, a Cyber Security Analyst. I found that the specified PHPSCRIPTSMALL Myperfectresume / JobHero / Resume Clone Script 2.0.6 has a Stored XSS vulnerability via Full Name and Title. To exploit this vulnerability, the following steps were taken.

VENDOR SUMMARY: PHP Scripts Mall Pvt. Ltd. is a professional software selling portal offering a wide range of innovative. PHP Scripts Mall is a leading business and technology firm with 12 years of successful track record in completion and implementation of numerous projects in various verticals and domains. It has 300 plus PHP scripts ready to buy.

VULNERABILITY DESCRIPTION: Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code. An attacker can change the web interface or redirect an admin or user to a malicious link.

1- Go to the Vendor Product Link or Click here

CVE-2018-15183-Vikas Chaudhary

2- Select the REGISTER page (Register now).

3- Create an account using your email address and paste this script into the following parameters:

In Full Name => < *img src =x onError=alert("VIKAS")>

In Title => < *img src =x onError=alert("CHAUDHARY")>

[ Note=> Remove * from script]

4- Now log in using your email and password.

5- You will get two popups, VIKAS and CHAUDHARY, in your account when you log in.
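
The pattern behind the steps above and its fix, as an added example (not the vendor's code, which this page does not show). It assumes the stored Full Name and Title values are written into the profile page without output encoding; the function names and array keys are hypothetical.

```php
<?php
// Added example: hypothetical names, not taken from the product's source.

// Vulnerable pattern: stored profile values are concatenated into HTML
// unchanged, so markup saved at registration is parsed by the browser
// of whoever later views the profile.
function render_profile_unsafe(array $user): string
{
    return '<h2>' . $user['full_name'] . '</h2><p>' . $user['title'] . '</p>';
}

// Encode for the HTML context at output time. ENT_QUOTES also covers
// quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead
// of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_profile_safe(array $user): string
{
    return '<h2>' . e($user['full_name']) . '</h2><p>' . e($user['title']) . '</p>';
}

// Defence in depth at registration: accept only characters plausible in a
// name or job title. This supplements output encoding, it does not replace it.
function is_valid_profile_field(string $value): bool
{
    return preg_match('/^[\p{L}\p{M}\p{N} .,\'&\/-]{1,100}$/u', $value) === 1;
}

// Constructed sample record holding the values from step 3.
$stored = [
    'full_name' => '<img src=x onError=alert("VIKAS")>',
    'title'     => '<img src=x onError=alert("CHAUDHARY")>',
];

echo render_profile_unsafe($stored), PHP_EOL; // markup is emitted as-is
echo render_profile_safe($stored), PHP_EOL;   // markup is emitted as encoded text
var_dump(is_valid_profile_field($stored['full_name'])); // step 3 value
var_dump(is_valid_profile_field('Vikas Chaudhary'));    // ordinary name
```

Encoding belongs at every place the two fields are rendered (profile, admin listings, e-mails), since the stored value itself stays untrusted.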

