3 matches found
Hotspot Express hotEx Billing Manager Cross-Site Scripting Vulnerability
Hotspot Express is a complete WiFi solution from Hotspot Express India that manages and protects wired and wireless networks. hotEx Billing Manager is one of the software solutions that integrates Captive Portal, AAA and Billing for WiFi hotspot management. Hotspot Express hotEx Billing Manager i...
CVE-2015-3319
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2015-2781
CVE-2015-2781 describes a cross-site scripting (XSS) vulnerability in Hotspot Express hotEx Billing Manager 73, via the hotspotlogin.cgi parameter reply. A malicious user can inject script into pages viewed by other users; PoC shows script execution (e.g., alert(document.cookie)). The vulnerable ...