An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://shell01.top/2018/12/14/scms-xss/#more | url repurposed third party advisory exploit |