Persistent Cross-Site Scripting in Economizzer Category Entry – Full Disclosure

Posted by Ron E on May 16
A persistent cross-site scripting (XSS) vulnerability exists in gugoan’s
Economizzer v.0.9-beta1. The application fails to properly sanitize
user-supplied input when creating a new category via the
*category/create* endpoint.
An attacker can inject malicious JavaScript payloads that are permanently
stored and later executed in the context of any user who views the affected
entry.
https://<host>/web/category/create
POST…
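The advisory states that the category name is stored without sanitization and later rendered into pages other users view. The following is an added example, not code from Economizzer or from the advisory author, that shows the root cause and the fix in a framework-neutral way: a hypothetical "before" render that interpolates the stored name into HTML verbatim, the hardened render that applies contextual HTML output encoding, and a small audit helper that flags stored values which would be emitted as markup. The wrapper markup, the sample category names and the function names are all constructed for illustration.

```python
import html
import re

# Constructed sample category names (not taken from the advisory).
# The last two mimic what a malicious user could store; they are used
# only to confirm that encoding neutralises them.
SAMPLE_CATEGORIES = [
    "Groceries",
    "R&D <budget>",
    "<script>alert(1)</script>",
    '" onmouseover="alert(1)',
]

# Hypothetical trusted wrapper the view emits around each category name.
WRAPPER_OPEN = '<td class="category-name">'
WRAPPER_CLOSE = "</td>"


def render_category_vulnerable(name: str) -> str:
    """Hypothetical 'before' pattern: stored user input is interpolated into
    the HTML response unchanged, so any tag in the name becomes live markup
    for every user who views the list (persistent XSS)."""
    return f"{WRAPPER_OPEN}{name}{WRAPPER_CLOSE}"


def render_category_safe(name: str) -> str:
    """Hardened rendering: HTML-encode the untrusted value at output time.
    quote=True also encodes double and single quotes, so the same helper is
    safe when the value lands inside a quoted attribute."""
    return f"{WRAPPER_OPEN}{html.escape(name, quote=True)}{WRAPPER_CLOSE}"


# Matches the start of an HTML tag: '<', optional '/', then a letter.
TAG_RE = re.compile(r"<\s*/?[A-Za-z]")


def inner_html(rendered: str) -> str:
    """Return the user-controlled part of a rendered cell (between the wrapper)."""
    if not (rendered.startswith(WRAPPER_OPEN) and rendered.endswith(WRAPPER_CLOSE)):
        raise ValueError("fragment does not carry the expected wrapper")
    return rendered[len(WRAPPER_OPEN):-len(WRAPPER_CLOSE)]


def names_rendered_as_markup(render, names):
    """Audit helper: list the stored names that a given render function would
    emit as HTML tags rather than as inert text."""
    return [n for n in names if TAG_RE.search(inner_html(render(n)))]


if __name__ == "__main__":
    for name in SAMPLE_CATEGORIES:
        print("vulnerable:", render_category_vulnerable(name))
        print("safe:      ", render_category_safe(name))
    print("rendered as markup (vulnerable):",
          names_rendered_as_markup(render_category_vulnerable, SAMPLE_CATEGORIES))
    print("rendered as markup (safe):      ",
          names_rendered_as_markup(render_category_safe, SAMPLE_CATEGORIES))
```

Two points worth noting from the audit output. First, the legitimate name `R&D <budget>` is flagged just like the script payload under the vulnerable render, which is why the fix belongs at the output-encoding step rather than in an input blocklist that would also break benign names. Second, the tag-pattern audit does not flag the attribute-breaking sample (`" onmouseover=...`) because it contains no `<`; that value is harmless in a text node but dangerous inside an attribute, so pattern-based detection is a useful review aid, not a substitute for encoding every untrusted value in the context where it is emitted.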