8 matches found
Hotspot Express hotEx Billing Manager Cross-Site Scripting Vulnerability
Hotspot Express is a complete WiFi solution from Hotspot Express India that manages and protects wired and wireless networks. hotEx Billing Manager is one of the software solutions that integrates Captive Portal, AAA and Billing for WiFi hotspot management. Hotspot Express hotEx Billing Manager i...
CVE-2015-3319
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Design/Logic Flaw
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2015-3319
CVE-2015-3319 affects Hotspot Express hotEx Billing Manager version 73. The root cause is the absence of the HttpOnly flag in Set-Cookie headers, enabling potential access to cookies via client-side scripts by remote attackers. Multiple sources (NVD entry and CNVD/OpenVAS notes) corroborate this expo...
CVE-2015-3319
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Hotspot Express hotEx Billing Manager cgi-bin/hotspotlogin.cgi Cross-Site Scripting Vulnerability
Hotspot Express hotEx Billing Manager is a billing management system. A cross-site scripting vulnerability in cgi-bin/hotspotlogin.cgi of Hotspot Express hotEx Billing Manager allows attackers to submit a specially crafted reply parameter to inject malicious HTML or scripts and obtain sensitive information...
CVE-2015-2781
Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...
CVE-2015-2781
CVE-2015-2781 describes a cross-site scripting (XSS) vulnerability in Hotspot Express hotEx Billing Manager 73, via the hotspotlogin.cgi parameter reply. A malicious user can inject script into pages viewed by other users; PoC shows script execution (e.g., alert(document.cookie)). The vulnerable ...