2 matches found
Cross-site Scripting (XSS) - Stored in boxbilling/boxbilling
Description: Stored XSS in the 'iconurl' parameter when creating a New Product, New Category or New Addon.
Proof of Concept:
// PoC.req
POST /BoxBilling/src/index.php?url=/api/admin/product/update HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101...
CVE-2008-4178
CVE-2008-4178: SQL injection in tr.php is exploitable via the id parameter in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder. Affected components: DownlineGoldmine family plugins/addons. Root cause: unsanitized id parameter leading to arbit...