{"id":46970,"date":"2026-04-14T13:48:00","date_gmt":"2026-04-14T13:48:00","guid":{"rendered":"http:\/\/localhost\/?p=46970"},"modified":"2026-04-14T13:48:00","modified_gmt":"2026-04-14T13:48:00","slug":"cms-sense-20-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=46970","title":{"rendered":"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892"},"content":{"rendered":"

{“lastseen”:”2026-04-14T17:32:48″,”description”:”CMS Sense version 2.0 suffers from a cross site scripting vulnerability…”,”published”:”2026-04-14T00:00:00″,”modified”:”2026-04-14T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:218892″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================\\n | # Title : CMS sense v 2.0 HTML Injection Leading to XSS via Attribute Breakout |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/senseconseil.com\/en\/ |\\n ==================================================================================================================================\\n \\n [+] Summary : A vulnerability has been identified in a content management script due to improper input sanitization. An attacker can inject \\n malicious HTML payloads such as \\”\\u003e\\u003cb\\u003etest\\u003c\/b\\u003e to break out of HTML attributes and manipulate the DOM structure. \\n \\t\\t\\t\\t This issue can be escalated into Cross-Site Scripting (XSS), allowing execution of arbitrary JavaScript in the victim\u2019s browser. \\n Successful exploitation may lead to session hijacking, cookie theft, and unauthorized actions performed on behalf of the user.\\n \\n [+] POC : in search box https:\/\/127.0.0.1\/fr\/recherche\\n \\n \\n An attacker can break the context of HTML attributes using a simple payload like: \\”\\u003e\\u003cb\\u003etest\\u003c\/b\\u003e\\n \\n This results in the insertion of unauthorized HTML elements into the page and can later be developed into a JavaScript execution.\\n \\n [+] Technical Details :\\n \\n The application displays user input within an HTML element without any filtering: \\u003cinput value=\\”USER_INPUT\\”\\u003e\\n \\n When the following is entered: \\”\\u003e\\u003cb\\u003etest\\u003c\/b\\u003e\\n \\n It is interpreted as follows: \\u003cinput value=\\”\\”\\u003e\\u003cb\\u003etest\\u003c\/b\\u003e\\”\\u003e\\n \\n [+] Context broken and a new HTML element injected\\n \\n [+] Proof of Concept Payload:\\”\\u003e\\u003cscript\\u003ealert(document.cookie)\\u003c\/script\\u003e\\n \\n [+] Steps to Reproduce\\n \\n Go to any input field within the script (form\/URL parameter)\\n \\n Enter the following payload: \\”\\u003e\\u003cscript\\u003ealert(1)\\u003c\/script\\u003e\\n \\n [+] Send the request\\n \\n The JavaScript will be executed in the browser\\n \\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/218892″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/218892\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-04-14T17:32:48″,”description”:”CMS Sense version 2.0 suffers from a cross site scripting vulnerability…”,”published”:”2026-04-14T00:00:00″,”modified”:”2026-04-14T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:218892″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================\\n | # Title : CMS sense v 2.0…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-46970","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=46970\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-04-14T17:32:48″,”description”:”CMS Sense version 2.0 suffers from a cross site scripting vulnerability…”,”published”:”2026-04-14T00:00:00″,”modified”:”2026-04-14T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:218892″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================n | # Title : CMS sense v 2.0...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=46970\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-14T13:48:00+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46970#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46970\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892\",\"datePublished\":\"2026-04-14T13:48:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46970\"},\"wordCount\":464,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=46970#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46970\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46970\",\"name\":\"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-14T13:48:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46970#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=46970\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46970#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=46970","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892 - zero redgem","og_description":"{“lastseen”:”2026-04-14T17:32:48″,”description”:”CMS Sense version 2.0 suffers from a cross site scripting vulnerability…”,”published”:”2026-04-14T00:00:00″,”modified”:”2026-04-14T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:218892″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”==================================================================================================================================n | # Title : CMS sense v 2.0...","og_url":"https:\/\/zero.redgem.net\/?p=46970","og_site_name":"zero redgem","article_published_time":"2026-04-14T13:48:00+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=46970#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=46970"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892","datePublished":"2026-04-14T13:48:00+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=46970"},"wordCount":464,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=46970#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=46970","url":"https:\/\/zero.redgem.net\/?p=46970","name":"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-14T13:48:00+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=46970#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=46970"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=46970#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 CMS Sense 2.0 Cross Site Scripting_PACKETSTORM:218892"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/46970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46970"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/46970\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}