Posts

Showing posts from February, 2018

Stored XSS Vulnerability in PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9-[CVE-2018-7469]

[+] Credits: Neeraj Kumar
[+] Email: neeraj.iiita2009@gmail.com

Vendor:
====================
https://www.phpscriptsmall.com/

Product:
===================
Entrepreneur Job Portal Script 2.0.9

Link to access the Product:
=====================
https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/

Vulnerability Type:
==========================
Cross site scripting - Stored XSS

CVE Reference:
==============
CVE-2018-7469

Vulnerability Details:
======================
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 is vulnerable to stored XSS within the "Industry Type" function in 'Manage Site'. Within the Industry Type section, the application does not sanitize user-supplied input and renders injected JavaScript code in users' browsers. The injection also affects the user page. An attacker can use this vulnerability to inject malicious JavaScript code, for example to hijack user sessions, malicious redirect,