HostBill Admin Chat Generate Code CSRF & XSS Vulnerability
HostBill has released a new version to address few bugs from the previous version. Apart from WHMCS, HostBill is one of the widely used billing and support automation software by many web hosting companies.
Due to both a CSRF and XSS vulnerability present within the Chat Generate Code configuration page, it is possible for a malicious user to perform an attack against staff accounts with minimal effort.
This vulnerability was tested against HostBill 2014-03-10.
This vulnerability was patched in HostBill 2014-03-12.
If you are using HostBill, it is recommended that you upgrade your version to HostBill 2014-03-12.