PHP Invoice 2.2 (Billing and Client Management) home.php XSS vuln.

2006.10.02
Credit: meto5757
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

##################################################

Description :
-------------
PHP Invoice is designed to automate your entire account, order, billing, and ticket system needs. From displaying your sales content to ordering, PHP Invoice will handle all your billing and authentication requirements with speed and ease. Whether you are a Webmaster, Web Designer, Business Owner, Web Hosting Company or even a Developer, all you need is PHP Invoice.

Vendor :
--------
http://www.phpinvoice.com

Exploit :
---------
http://www.example.com/[path]/home.php?msg=Successfully%20updated&alert=[xss]

This may allow an attacker to steal cookie-based authentication credentials.

----------------------------
Discovered by :
---------------
meto5757
----------------------------
Greets :
--------
Mesho & Basiony, KaRim (koko), all my friends.
----------------------------
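For triage, the following added example (not part of the original advisory or of PHP Invoice) scans web server access logs for requests to home.php whose `alert` or `msg` query parameter decodes to HTML markup characters. The combined log format, the `/billing` install path, and watching `msg` alongside the `alert` parameter shown in the advisory URL are assumptions; the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Query parameters watched on home.php ("msg" is included as an assumption).
WATCHED_PARAMS = {"alert", "msg"}
# Characters that let a reflected value leave HTML text or attribute context.
MARKUP = re.compile(r"[<>\"']")
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; "/billing" stands in for the advisory's [path].
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Oct/2006:10:01:12 +0000] "GET /billing/home.php?msg=Successfully%20updated HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Oct/2006:10:02:40 +0000] "GET /billing/home.php?msg=Successfully%20updated&alert=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [02/Oct/2006:10:02:55 +0000] "GET /billing/home.php?alert=%253Cb%253Ex HTTP/1.1" 200 5150',
    '203.0.113.4 - - [02/Oct/2006:10:03:01 +0000] "GET /billing/index.php?alert=%3Cb%3E HTTP/1.1" 200 900',
]


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for home.php requests carrying markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/home.php"):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        value = decode_fully(value)
        if name.lower() in WATCHED_PARAMS and MARKUP.search(value):
            hits.append((name.lower(), value))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"home.php {name}={value!r}")
```

Quote characters are included in the match set, so a benign `msg` containing an apostrophe will also be listed and needs manual review.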


Copyright 2021, cxsecurity.com

 
