Download Manager <= 3.2.43 — Contributor+ Cross-Site Scripting

Download Manager Cross-Site Scripting

Plugin — 3.2.43 (3.2.43)

Description

Stored Cross-Site Scripting in Download Manager

I want to communicate this vulnerability discovered via upload file (authenticated).

When you add XSS JavaScript code to the "url" field and click on it, the code is interpreted.

Code affected:

<input type="url" id="rurl" class="form-control" placeholder="Insert URL" style="margin-right: -1px">

XSS payload used: <x onmouseup=alert(document.cookie);>click this!
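A sketch of the defensive pattern for a URL field like the one above, added here as an example and not taken from the plugin's code or its patch: validate the value against an http(s) allowlist before storing it, and HTML-encode it when rendering. The function names are hypothetical, and the sample inputs are constructed apart from the payload quoted on this page. The `type="url"` attribute is only a browser-side hint, so the check has to be repeated wherever the value is stored or rendered.

```javascript
// Added example: not the plugin's code. Function names are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Store-time check: accept only absolute http(s) URLs.
// Returns the normalized URL string, or null if the value must be rejected.
function sanitizeUrlField(raw) {
  if (typeof raw !== "string") return null;
  const value = raw.trim();
  // Reject markup, quotes, whitespace and control characters before parsing.
  if (value === "" || /[<>"'`\s\x00-\x1f]/.test(value)) return null;
  let parsed;
  try {
    parsed = new URL(value);
  } catch {
    return null; // not an absolute URL
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  return parsed.href;
}

// Render-time encoding for HTML text and quoted attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render a stored value; anything failing validation is shown as inert text.
function renderUrlField(stored) {
  const safe = sanitizeUrlField(stored);
  if (safe === null) {
    return `<span class="invalid-url">${escapeHtml(stored)}</span>`;
  }
  const encoded = escapeHtml(safe);
  return `<a href="${encoded}" rel="noopener noreferrer">${encoded}</a>`;
}

// Constructed sample inputs; the first is the payload quoted on this page.
const samples = [
  "<x onmouseup=alert(document.cookie);>click this!",
  "javascript:alert(1)",
  "https://example.com/file.zip?a=1&b=2",
];
for (const s of samples) console.log(renderUrlField(s));
```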

Andrea Bocchetti
