Advisory Name: Multiple Permanent Cross-site Scripting in Phreebooks v2.0
Internal Cybsec Advisory Id:
Vulnerability Class: Permanent Cross-site Scripting
Release Date: 2010-05-26
Affected Applications: Phreebooks v2.0
Affected Platforms: Any running Phreebooks v2.0
Local / Remote: Remote
Severity: Medium – CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Researcher: Gustavo Sorondo
Vendor Status: N/A
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
Vulnerability Description:
Multiple permanent Cross-site Scripting vulnerabilities were found in Phreebooks v2.0 because the
application fails to sanitize user-supplied input. The vulnerability can be triggered by any logged-in
user who is able to add or modify Vendors, Customers, Employees or Inventory items.
Download:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/13776.pdf (cybsec_advisory_2010_0603_Phreebooks_v2_0_Multiple_Permanent_Cross_site_Scripting.pdf)