Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass
Posted on 16 November 2022
Revenue Collection System version 1.0 suffers from a persistent cross site scripting vulnerability allowing an authenticated client user to add an administrative user account to the application then log in as the newly created admin.