Full title: CHAOS 5.0.8 Cross Site Scripting / Remote Command Execution Exploit 
Category: remote exploits
Platform: multiple
CHAOS version 5.0.8 is a free and open-source Remote Administration Tool that allows generated binaries to control remote operating systems. The web application contains a remote command execution vulnerability which can be triggered by an authenticated user when generating a new executable. The web application also contains a cross site scripting vulnerability within the view of a returned command being executed on an agent.

# 0day.today @ http://0day.today/