Lucene search
K

33 matches found

Huntr
Huntr
added 2021/07/03 2:52 a.m.6 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored XSS in adding properties lead by adding owners first name and second name. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1QbdzPJPHmQPsNl-o43a-Slub4Z3hhNh/view?usp=sharing 💥 Impact This vulnerability is capable of Stored XSS...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:38 a.m.5 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in membership profile. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the State field. 4. Update the profile and You will see an alert. 💥 Impact This vulnerability is capable of Stored XSS...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:36 a.m.10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in membership profile. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the city field. 4. Update the profile and You will see an alert. 💥 Impact This vulnerability is capable of Stored xss...

1.4AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:35 a.m.11 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in membership profile. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the Address field. 4. Update the profile and You will see an alert. 💥 Impact This vulnerability is capable of stored...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:33 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description There is a stored xss in member profile in the full name 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the Full Name field. 4. Update the profile and You will see an alert. 💥 Impact Stored XSS...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/07/03 1:53 a.m.11 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in profile state field There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/07/02 7:8 p.m.10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

💥 BUG xss via groupname in item 💥 VERSION TESTED latest version as of 1/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. first goto http://localhost/online-invoice2/app/admin/pageEditGroup.php and add a new group and put bellow xss payload in...

2AI score
Exploits0
Huntr
Huntr
added 2021/07/02 6:37 p.m.10 views

Improper Privilege Management in bigprof-software/online-invoicing-system

💥 BUG privilege escalation bug to add item to a price-history 💥 IMPACT unprivileged user can add item to a price-history 💥 STEP TO REPRODUCE 1. From admin account goto http://localhost/online-invoice2/app/admin/pageViewMembers.php and add new user called user-B .\ Now revoke all acccess from item...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/07/02 1:8 a.m.8 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the State name field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/07/02 1:7 a.m.10 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the City field as tested on the latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the City...

1AI score
Exploits0
Huntr
Huntr
added 2021/07/02 1:4 a.m.5 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Full name field as tested on latest release. 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a user account. 2. Login into the user account. 3. Enter the s"' payload in the Full...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/07/01 6:57 p.m.5 views

Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system

✍️ Description /app/admin/pageTransferOwnership.php with sourceMemberID parameter is vulnerable to Reflected XSS. Line 216 of pageTransferOwnership.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in...

0.5AI score
Exploits0References1
Exploit DB
Exploit DB
added 2019/12/03 12:0 a.m.321 views

Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting

Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://github.com/bigprof-software/online-invoicing-system Software : Online Invoicing Syst...

7.4AI score
Exploits0
Rows per page
Query Builder