Headline

CVE-2022-34991: CVE-nu11secur1ty/vendors/paymoney/2022/paymoney-3.3 at main · nu11secur1ty/CVE-nu11secur1ty

Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters.

2 years ago

CVE

Open in Source

#xss #vulnerability #git #auth

main

Switch branches/tags

CVE-nu11secur1ty/vendors/paymoney/2022/paymoney-3.3/

Go to file

CVE-nu11secur1ty/vendors/paymoney/2022/paymoney-3.3/

Latest commit

nu11secur1ty Add files via upload

9656e7d

Jul 4, 2022

Add files via upload

9656e7d

Git stats

History

Files

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

. .

Docs

Add files via upload

Jul 4, 2022

README.MD

Update README.MD

Jul 4, 2022

paymoney-3.3 Description: STATUS: Proof and Exploit: Proof and Exploit:

README.MD

Description:

The parameters first_name and last_name in Users are vulnerable from XSS-Reflected on Paymoney-3.3. The already authenticated users can be hijacking the XSRF-Token and they can use it for malicious purposes on internal and external domains.

STATUS:

Medium

Proof and Exploit:

href

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

10 months ago

10 months ago

10 months ago

10 months ago

10 months ago