PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln.

2006.10.02

Credit: meto5757

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-5074

CWE: CWE-Other

CVSS Base Score: 5.1/10

Impact Subscore: 6.4/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

##################################################
description :
-------------
PHP Invoice designed to automate your entire account, order, billing, ticket system needs. From displaying your sales content, to ordering, PHP Invoice will handle all your billing and authentication requirements with speed and ease.
No Matter Webmaster, Web Designer, Business Owner, Web Hosting Company or even Developer, All you need is PHP Invoice.
venedor :
---------
http://www.phpinvoice.com
Exploite :
----------
http://www.example.com/[path]/home.php?msg=Successfully%20updated&alert=
[xss]
This may allow an attacker to steal cookie-based authentication credentials .
----------------------------
Discoverd by :
--------------
meto5757
----------------------------
Greets :
--------
Mesho & Basiony , KaRim (koko) , all my friends .
----------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln.

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.