Submit #274372: COGITES eReserv v7.7.58 Reflected XSS (authenticated)info

TitleCOGITES eReserv v7.7.58 Reflected XSS (authenticated)
DescriptionYou will have to authenticate to their demo online for the purpose of this PoC On admin panel (Authenticated): The "id=" parameter on tenancyDetail.php is vulnerable to reflected XSS. proof of concept: https://my.e-reserv.com/00000000ereservpro/front/admin/tenancyDetail.php?id=id=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
User
 rubx (UID 62535)
Submission01/28/2024 17:57 (2 years ago)
Moderation01/29/2024 14:35 (21 hours later)
StatusAccepted
VulDB entry252303 [Cogites eReserv 7.7.58 tenancyDetail.php ID cross site scripting]
Points15

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!