Vulnerability CVE-2023-30454


Published: 2023-04-28

Description:
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button.

See advisories in our WLB2 database:
Topic: ebankIT 6 Cross Site Scripting (Low)
Author: Jake Murphy
Date: 30.04.2023

Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

References:
https://packetstormsecurity.com/files/172063/ebankIT-6-Cross-Site-Scripting.html
https://blog.ebankit.com/blog-press

Copyright 2024, cxsecurity.com
