3 matches found
Cross-site Scripting (XSS)
Description ihatemoney is vulnerable to Cross-Site Scripting XSS when inviting people via email. Steps to reproduce 1.Go to https://ihatemoney.org/ and try out the demo. 2.In the bottom left, click on Invite people. 3.In the Send via Emails section, input the payload: into the People to notify...
in spiral-project/ihatemoney
💥 BUG clickjacking bug. 💥 STEP TO REPRODUCE I see there is no X-Frame-Options header present in response . So, it allow to load dashboard url in iframe which make clickjacking attack . Iframe will be completely hidden with opacity control so that victim dont suspect . bellow code can be used as...
ihatemoney Resource Management Error Vulnerability
ihatemoney is a web-based shared budget management application. A resource management error vulnerability exists in ihatemoney pypi version 4.1.4 and prior versions, which arises from a mismanagement of system resources e.g., memory, disk space, files, etc. on a networked system or product, and c...