HostBill - XSS Admin Hijack Security Vulnerability

Started by Kailash, December 15, 2013, 01:24:44 AM


Quote
Type: XSS
Location: Remote
Impact: High
Product: HostBill
Website: http://www.hostbillapp.com
Vulnerable Version: 2013-12-11
Fixed Version: 2013-12-14
Date: 2013-12-14
Reported By: Rack911

Vulnerability Description:

There is an XSS vulnerability present within HostBill that would allow a malicious user to obtain the admin session cookie, which could then be used to hijack access to the panel.


We have deemed this vulnerability to be rated as HIGH due to the fact that the admin account(s) can be hijacked.

Vulnerable Version:

This vulnerability was tested against HostBill v2013-12-11.

Fixed Version:

This vulnerability was patched in HostBill v2013-12-14.