CVE-2022-34991: CVE-nu11secur1ty/vendors/paymoney/2022/paymoney-3.3 at main · nu11secur1ty/CVE-nu11secur1ty
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters.
Latest commit: nu11secur1ty, Add files via upload (9656e7d), Jul 4, 2022
README.MD
Description:
The first_name and last_name parameters in Users on Paymoney-3.3 are vulnerable to reflected XSS. Already authenticated users can hijack the XSRF-Token and use it for malicious purposes on internal and external domains.
STATUS:
Medium
Proof and Exploit: