Persistent Cross-Site Scripting in Economizzer Cashbook Entry  – Full Disclosure

Posted on By Joe-W No Comments on Persistent Cross-Site Scripting in Economizzer Cashbook Entry  – Full Disclosure
Alert Feeds

 

Posted by Ron E on May 16

A persistent cross-site scripting (XSS) vulnerability exists in gugoan’s
Economizzer v.0.9-beta1 The application fails to properly sanitize
user-supplied input when creating a new cash book entry via the
*cashbook/create* endpoint. An attacker can inject malicious JavaScript
payloads that are permanently stored and later executed in the context of
any user who views the affected entry.

https://<host>/web/cashbook/create

POST…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
OXAS-ADV-2025-0001: OX App Suite Security Advisory  – Full Disclosure
April 13, 2025
Alert Feeds
XSS via SVG Image Upload – AlegroCartv1.2.9  – Full Disclosure
April 23, 2025
Alert Feeds
APPLE-SA-05-12-2025-9 Safari 18.5  – Full Disclosure
May 16, 2025
Alert Feeds
Microsoft Windows .XRM-MS File / NTLM Information Disclosure Spoofing  – Full Disclosure
May 1, 2025

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.