Home / os / winme

Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass

Posted on 16 November 2022

Revenue Collection System version 1.0 suffers from a persistent cross site scripting vulnerability allowing an authenticated client user to add an administrative user account to the application then log in as the newly created admin.

 

TOP