Simple Invoice version 2011 suffers from a persistent cross site scripting vulnerability.
b7e6887a45c5931cb176e53c1412937e536b0e740967f6ff17918aae0d32a09a# Affected software: simple invoice
# Type of vulnerability:stored xss
# URL:simpleinvoices.org
# Discovered by: provensec
# Website: provensec.com
#version:2011
# Proof of concept
goto
http://demo.simpleinvoices.org/index.php?module=payment_types&view=manage
add new or edit some older payment type and fill the description filed with
xss payload
and save it javascript will execute
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed