HostBill - XSS Admin Hijack Security Vulnerability
« on: December 15, 2013, 01:24:44 AM »
Type: XSS
Location: Remote
Impact: High
Product: HostBill
Website: http://www.hostbillapp.com
Vulnerable Version: 2013-12-11
Fixed Version: 2013-12-14
Date: 2013-12-14
Reported By: Rack911

Vulnerability Description:

There is an XSS vulnerability present within HostBill that would allow a malicious user to obtain the admin session cookie which could then be used to hijack access to the panel.

Impact:

We have deemed this vulnerability to be rated as HIGH due to the fact that the admin account(s) can be hijacked.

Vulnerable Version:

This vulnerability was tested against HostBill v2013-12-11.
Fixed Version:

This vulnerability was patched in HostBill v2013-12-14.
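The advisory describes the two conditions that make an XSS finding an admin takeover: untrusted data rendered into an admin page without encoding, and a session cookie that injected script can read. The added example below is not HostBill's code and does not reproduce the reported issue; it is a generic Python illustration of the defensive pattern (context-aware output encoding plus HttpOnly/Secure/SameSite session cookies) and a small audit helper that flags a Set-Cookie header missing those attributes. The cookie name `admin_session`, the `/admin` path and the session identifier are assumed placeholders, not values taken from the product.

```python
import html
from http.cookies import SimpleCookie

# --- Output encoding -------------------------------------------------------

def render_row_unsafe(customer_name: str) -> str:
    """Pattern the advisory class describes: untrusted text concatenated
    straight into admin-panel HTML. Kept here only to contrast with the
    hardened version below; never use this form."""
    return "<td>" + customer_name + "</td>"


def render_row_safe(customer_name: str) -> str:
    """Hardened form: encode for the HTML text/attribute context before
    the value reaches the page, so markup in the input stays inert."""
    return "<td>" + html.escape(customer_name, quote=True) + "</td>"


# --- Session cookie hardening ---------------------------------------------

def build_admin_session_cookie(session_id: str) -> str:
    """Build a Set-Cookie header value for the (assumed) admin session.
    HttpOnly keeps document.cookie from exposing it to script, Secure
    restricts it to TLS, SameSite=Strict limits cross-site sending."""
    jar = SimpleCookie()
    jar["admin_session"] = session_id            # assumed cookie name
    jar["admin_session"]["httponly"] = True
    jar["admin_session"]["secure"] = True
    jar["admin_session"]["samesite"] = "Strict"  # needs Python >= 3.8
    jar["admin_session"]["path"] = "/admin"      # assumed admin path
    return jar.output(header="").strip()


def audit_set_cookie(header_value: str) -> list:
    """Return the hardening attributes missing from a Set-Cookie value.
    An empty list means HttpOnly, Secure and SameSite are all present."""
    attrs = {
        part.strip().split("=", 1)[0].lower()
        for part in header_value.split(";")[1:]
        if part.strip()
    }
    return [a for a in ("httponly", "secure", "samesite") if a not in attrs]


if __name__ == "__main__":
    # Constructed sample input: a customer name carrying markup.
    sample = '<img src=x onerror="alert(1)">'
    print(render_row_unsafe(sample))   # markup survives intact
    print(render_row_safe(sample))     # markup is encoded, rendered as text

    hardened = build_admin_session_cookie("constructed-session-id")
    print(hardened, audit_set_cookie(hardened))
    weak = "admin_session=constructed-session-id; Path=/admin"
    print(weak, audit_set_cookie(weak))
```

Running the audit helper over the Set-Cookie headers an application actually emits is a quick way to confirm that a session cookie was issued with HttpOnly; without it, any output-encoding miss of the kind reported here turns into the session theft the advisory rates as high impact.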