RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Severity: mediumType: exploit
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Indicators of Compromise
- exploit-code: # Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting (XSS) # Google Dork: N/A # Date: 2024-08-12 # Exploit Author: GURJOT SINGH # Vendor Homepage: https://ritecms.com/ # Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip # Version: <= 3.0.0 # Tested on: Ubuntu 22.04 LTS, PHP 8.1, Apache 2.4 # CVE: CVE-2024-28623 ## Description: A reflected Cross-Site Scripting (XSS) vulnerability exists in RiteCMS v3.0.0 within the `main_menu/edit_section` parameter. An attacker can inject arbitrary JavaScript code that will execute in the context of the victim's browser session. ## Impact: - Theft of credentials or session tokens - Phishing or malicious redirection - Full control over the victim’s active browser session ## Proof of Concept (PoC): Payload: '"><svg/onload=confirm(/xsss/)> Steps: 1. Log in or navigate to the vulnerable `main_menu/edit_section` functionality. 2. Inject the above payload into the vulnerable parameter. 3. Observe the execution of the injected JavaScript. Video PoC: https://github.com/GURJOTEXPERT/ritecms/blob/main/POC.mp4 Full write-up & repository: https://github.com/GURJOTEXPERT/ritecms ## Mitigation: - Implement strict input validation and output encoding. - Enforce a Content Security Policy (CSP) to limit script execution. - Update RiteCMS to a patched version when available.
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Medium
Published: Mon Aug 18 2025 (08/18/2025, 00:00:00 UTC)
Source: Exploit-DB RSS Feed
Description
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Technical Details
- Edb Id
- 52413
- Has Exploit Code
- true
- Code Language
- text
Indicators of Compromise
Exploit Source Code
Exploit Code
Exploit code for RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
# Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting (XSS) # Google Dork: N/A # Date: 2024-08-12 # Exploit Author: GURJOT SINGH # Vendor Homepage: https://ritecms.com/ # Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip # Version: <= 3.0.0 # Tested on: Ubuntu 22.04 LTS, PHP 8.1, Apache 2.4 # CVE: CVE-2024-28623 ## Description: A reflected Cross-Site Scripting (XSS) vulnerability exists in RiteCMS v3.0.0 within the `main_menu/edit_section`... (877 more characters)
Code Length: 1,377 characters
Threat ID: 68a3d92dad5a09ad00eed71b
Added to database: 8/19/2025, 1:53:49 AM
Last updated: 8/19/2025, 1:53:49 AM
Views: 1
Related Threats
BigAnt Office Messenger 5.6.06 - SQL Injection
MediumExploitTue Aug 19 2025
PHPMyAdmin 3.0 - Bruteforce Login Bypass
CriticalExploitTue Aug 19 2025
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
MediumExploitTue Aug 19 2025
Soosyze CMS 2.0 - Brute Force Login
CriticalExploitTue Aug 19 2025
Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
MediumExploitTue Aug 19 2025
Actions
Please log in to the Console to use AI analysis features.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.