• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

HostBill - XSS Admin Hijack Security Vulnerability

Started by Kailash, December 15, 2013, 01:24:44 AM



Kailash

Quote
Type: XSS
Location: Remote
Impact: High
Product: HostBill
Website: http://www.hostbillapp.com
Vulnerable Version: 2013-12-11
Fixed Version: 2013-12-14
Date: 2013-12-14
Reported By: Rack911

Vulnerability Description:

There is an XSS vulnerability present within HostBill that would allow a malicious user to obtain the admin session cookie, which could then be used to hijack access to the panel.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that the admin account(s) can be hijacked.

Vulnerable Version:

This vulnerability was tested against HostBill v2013-12-11.


Fixed Version:

This vulnerability was patched in HostBill v2013-12-14.