CVE-2019-7552 PHP Scripts Mall Investment MLM Software 2.0.2 Stored XSS

DESCRIPTION

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2.
Stored XSS was found in the the My Profile Section. This is due to lack of
sanitization in the Edit Name section.

VENDOR

PHP Scripts Mall Pvt. Ltd.
[Affected Product Code Base]
Investment MLM Software(link-https://www.phpscriptsmall.com/product/investment-mlm/) - 2.0.2

POC

1.GO to http://198.38.86.159/~onlineexamboard/demo/investment-mlm/
2. Request a test account "Click Here For User Demo Link"

3. Login and go to my profile.
4. Input payload <script>alert(document.domain)</script> and xss gets popped.

PROOF

Comments

BdtasksoftSeptember 13, 2020 at 4:26 AM
Bdtask is a digital experience software development and IT company in Bangladesh. We provide custom mobile, web and desktop software development services all over the software solution.
ecommerce PHP script
ReplyDelete
Replies
JESIApril 2, 2021 at 2:50 AM
Thank you bloger that was an amazing blogs it was very useful for me.i wish you to Have a glance on our PHP READYMADE CLONE SCRIPT though you are unlikely to realize a similar level of success you'll be able to positively take pleasure in employing a for your website.
ReplyDelete
Replies

Security Hit List

Search This Blog

CVE-2019-7552 PHP Scripts Mall Investment MLM Software 2.0.2 Stored XSS

DESCRIPTION

VENDOR

POC

PROOF

Comments

Post a Comment

Popular posts from this blog

CVE-2019-7553 Stores XSS in PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1

CVE-2019-7554 Reflected XSS in API based travel booking - 3.4.7