Pwnmonkeylab

**Name of the Vulnerable Software and Affected Versions** MiniCMS version 1.10 **Description** A stored XSS issue was discovered in the content box of mc-admin/page-edit.php, which can be exploited to obtain a user's cookie. **Recommendations** For MiniCMS version 1.10, consider disabling the editing functionality in mc-admin/page-edit.php until a patch is available to prevent exploitation of the stored XSS issue.

In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the content box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, CVE-2018-20520, and CVE-2019-13186.

**Name of the Vulnerable Software and Affected Versions** MiniCMS version 1.10 **Description** A stored XSS issue was discovered in the comment box of mc-admin/conf.php, which can be exploited to obtain a user's cookie. **Recommendations** For MiniCMS version 1.10, consider disabling the comment box functionality in mc-admin/conf.php as a temporary workaround until a patch is available. Restrict access to the mc-admin/conf.php file to minimize the risk of exploitation.