Enviar #274372: COGITES eReserv v7.7.58 Reflected XSS (authenticated)información

TítuloCOGITES eReserv v7.7.58 Reflected XSS (authenticated)
DescripciónYou will have to authenticate to their demo online for the purpose of this PoC On admin panel (Authenticated): The "id=" parameter on tenancyDetail.php is vulnerable to reflected XSS. proof of concept: https://my.e-reserv.com/00000000ereservpro/front/admin/tenancyDetail.php?id=id=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
Usuario
 rubx (UID 62535)
Sumisión2024-01-28 17:57 (hace 2 años)
Moderación2024-01-29 14:35 (21 hours later)
EstadoAceptado
Entrada de VulDB252303 [Cogites eReserv 7.7.58 tenancyDetail.php ID secuencias de comandos en sitios cruzados]
Puntos15

Do you want to use VulDB in your project?

Use the official API to access entries easily!