Security
Headlines
HeadlinesLatestCVEs

Headline

PHPJabbers Cleaning Business Software 1.0 Cross Site Scripting

PHPJabbers Cleaning Business Software version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

Packet Storm
#xss#vulnerability#web#windows#linux#git#php#auth
# Exploit Title: PHPJabbers Cleaning Business Software v1.0 - MultipleStored XSS# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/cleaning-business-software/#sectionDemo# Version: v1.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-51328Descriptions:PHPJabbers Cleaning Business Software v1.0 is vulnerable to MultipleStored Cross-Site Scripting. Multiple Stored XSS is a type of securityvulnerability that occurs when an application or website allows anattacker to inject malicious scripts into the content that ispermanently stored on the server.Steps to Reproduce:1. Login your panel.2. Vulnerable parameters are "c_name, name".3. Go to System Users Menu then click add user.4. Then use any XSS Payload in "Name" input field and Save.5. You will see xss popup.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-51328)

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6