9 matches found
BookFresh - Persistent Clients Invite Vulnerability
Document Title: BookFresh - Persistent Clients Invite Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1351; Release Date: 2014-10-28; Vulnerability Laboratory ID (VL-ID): 1351...
BookFresh Persistent Cross Site Scripting
Document Title: BookFresh - Persistent Clients Invite Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1351; Release Date: 2014-10-28; Vulnerability Laboratory ID (VL-ID): 1351...
BookFresh - Persistent Clients Invite Vulnerability
Document Title: BookFresh - Persistent Clients Invite Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1351; Release Date: 2014-10-28; Vulnerability Laboratory ID (VL-ID): 1351...
BookFresh - Persistent Clients Invite Vulnerability
Document Title: BookFresh - Persistent Clients Invite Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1351; Release Date: 2014-10-28; Vulnerability Laboratory ID (VL-ID): 1351...
Bookfresh: Reflected XSS on www.bookfresh.com/index.html?view=upload_form
The issue is in the view uploadform. Description: When you show an upload form in the site you use a URL like this: https://www.bookfresh.com/index.html?standalone=1&e=0c551a759eb62ba457d017569617eaa8&bk=FFFFFF&view=uploadform And you show the value of the parameter bk in the page: body...
Square: Editing Client Details of other People
Hi there, I have found out that there is no "authorization" which prohibits a user from modifying client data of other users. As per sample I have two (2) accounts: one freebie account and one subscribed account (monthly). The freebie account has a Client with ID : f42b88d1af62f0a9d240024e83690174. Tha...
Square: XSS on bookfresh
Hi, Xss is triggered on https://www.bookfresh.com/cindex.php/profile/edit/cs/staffmember Payload: %22onmouseover%3Dprompt%281%29%20mik%22 Steps to reproduce Create a new staff and put our payload on the name of the staff. Refresh the page Edit the staff and mouseover to the name of the staff and...
Square: XSS in Client Past Activity
Here is another reflected XSS. https://www.bookfresh.com/index.html?view=pastactivity&id=gwapo"svg/onload=window.onerror=alert;throw/XSS/;// Kindly have a look sir. Clifford...
Square: XSS [BookFresh]
Hi there, I found a Cross Site Scripting in the bookfresh website; what I found to be significant is that it's publicly facing. Any user who points his browser to : Proof of Concept XSS. Use Firefox Then will be greeted by a javascript pop up. Kindly have a look sir. Cheers, Clifford...