10 matches found
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting XSS during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the vi...
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...
CVE-2022-37140
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting XSS during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the vi...
Cross site scripting
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting XSS during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the vi...
Remote code execution
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...
CVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting XSS during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the vi...
Paymoney 3.3 Cross Site Scripting Vulnerability
Title: paymoney-3.3 XSS-Reflected Author: nu11secur1ty Vendor: https://paymoney.techvill.org/ Software: paymoney-3.3 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/paymoney/2022/paymoney-3.3 Description: The parameters firstname and lastname in Users are vulnerable...
Paymoney 3.3 Cross Site Scripting
Title: paymoney-3.3 XSS-Reflected Author: nu11secur1ty Date: 07.02.2022 Vendor: https://paymoney.techvill.org/ Software: paymoney-3.3 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/paymoney/2022/paymoney-3.3 Description: The parameters firstname and lastname in User...