
Simple Invoice 2011 Cross Site Scripting

Posted on 22 May 2015

# Affected software: Simple Invoice
# Type of vulnerability: stored XSS
# URL: simpleinvoices.org
# Discovered by: provensec
# Website: provensec.com
# Version: 2011
# Proof of concept

Go to http://demo.simpleinvoices.org/index.php?module=payment_types&view=manage, add a new payment type or edit an existing one, fill the description field with an XSS payload, and save it. The JavaScript will execute.
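The class of fix for a stored XSS like this one is to encode the description when it is written into the page. The following is an added example, not Simple Invoices source code: the function names and the sample records are hypothetical and constructed for illustration, and it contrasts an unencoded table row with an encoded one.

```php
<?php
// Added example, not Simple Invoices source. All function names are hypothetical.

// Constructed records standing in for saved payment types.
$rows = [
    ['id' => 1, 'description' => 'Cash'],
    ['id' => 2, 'description' => 'Cheque "A/C payee"'],        // legitimate quotes
    ['id' => 3, 'description' => '<script>alert(1)</script>'], // generic test string
];

// Vulnerable pattern: the stored value is concatenated into the page as-is,
// so markup in the description is parsed by every browser that loads the list.
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . (int) $row['id'] . '</td><td>' . $row['description'] . '</td></tr>';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// characters, so the same helper is safe inside a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderRowSafe(array $row): string
{
    $desc = e($row['description']);
    return '<tr><td>' . (int) $row['id'] . '</td><td title="' . $desc . '">' . $desc . '</td></tr>';
}

// Regression check: stored data must never contribute a tag or close the attribute.
foreach ($rows as $row) {
    $safe = renderRowSafe($row);
    $inert = stripos($safe, '<script') === false
        && substr_count($safe, '"') === 2; // only the two quotes delimiting title=""
    printf("id=%d inert=%s\n  unsafe: %s\n  safe:   %s\n",
        $row['id'], $inert ? 'yes' : 'NO', renderRowUnsafe($row), $safe);
}
```

Encoding at output rather than stripping at input keeps legitimate descriptions that contain quotes or angle brackets intact, and it also covers records that were stored before the fix.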

 
