Отправить #274372: COGITES eReserv v7.7.58 Reflected XSS (authenticated)Информация

НазваниеCOGITES eReserv v7.7.58 Reflected XSS (authenticated)
ОписаниеYou will have to authenticate to their demo online for the purpose of this PoC On admin panel (Authenticated): The "id=" parameter on tenancyDetail.php is vulnerable to reflected XSS. proof of concept: https://my.e-reserv.com/00000000ereservpro/front/admin/tenancyDetail.php?id=id=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
Пользователь
 rubx (UID 62535)
Представление28.01.2024 17:57 (2 лет назад)
Модерация29.01.2024 14:35 (21 hours later)
Статуспринято
Запись VulDB252303 [Cogites eReserv 7.7.58 tenancyDetail.php ИД межсайтовый скриптинг]
Баллы15

Do you want to use VulDB in your project?

Use the official API to access entries easily!