Stored XSS via Send Message Functionality – dolphin.prov7.4.2  – Full Disclosure

Posted by Andrey Stoykov on Mar 24

# Exploit Title: Stored XSS via Send Message Functionality –
dolphin.prov7.4.2
# Date: 03/2025
# Exploit Author: Andrey Stoykov
# Version: 7.4.2
# Date: 03/2025
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/03/friday-fun-pentest-series-20-stored-xss.html

Stored XSS via Send Message Functionality:

Steps to Reproduce:

1. Login and visit “http://192.168.58.170/dolphinCMS/mail.php?mode=compose"
2. Add…
 – Read More  – Full Disclosure