Invia #274372: COGITES eReserv v7.7.58 Reflected XSS (authenticated)informazioni

TitoloCOGITES eReserv v7.7.58 Reflected XSS (authenticated)
DescrizioneYou will have to authenticate to their demo online for the purpose of this PoC On admin panel (Authenticated): The "id=" parameter on tenancyDetail.php is vulnerable to reflected XSS. proof of concept: https://my.e-reserv.com/00000000ereservpro/front/admin/tenancyDetail.php?id=id=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
Utente
 rubx (UID 62535)
Sottomissione28/01/2024 17:57 (2 anni fa)
Moderazione29/01/2024 14:35 (21 hours later)
StatoAccettato
Voce VulDB252303 [Cogites eReserv 7.7.58 tenancyDetail.php ID cross site scripting]
Punti15

Do you know our Splunk app?

Download it now for free!