HostBill Admin Chat Generate Code CSRF & XSS Vulnerability


HostBill has released a new version that fixes a few bugs in the previous release. Alongside WHMCS, HostBill is one of the most widely used billing and support automation packages among web hosting companies.


Vulnerability Description:

Because the Chat Generate Code configuration page has both a CSRF vulnerability and an XSS vulnerability, a malicious user can attack staff accounts with minimal effort: the forged request needs no credentials of the attacker's own, and the injected markup runs in the context of the staff member's authenticated session.
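The way a CSRF bug and a stored XSS bug on one admin configuration page typically chain (a cross-site page submits the form using the victim's cookie, and the unencoded value then executes for every staff member who views the page) is shown below as an added illustration. This is not HostBill's code: the route, the `chat_code` field name, the session store and the token scheme are all assumptions made for the demo, and the attacker payload is constructed.

```python
"""Illustrative only (not HostBill code): a vulnerable "save config" handler and
its page renderer beside hardened versions that add an anti-CSRF token check and
HTML output encoding. Field names, session layout and routes are assumptions."""
import hmac
import html
import secrets

# Simulated server state: logged-in admin sessions and one stored setting that
# the admin page later displays back to staff (hypothetical "chat_code" field).
SESSIONS = {}                # session_id -> {"csrf_token": str}
CONFIG = {"chat_code": ""}


def new_admin_session():
    """Log a staff member in; each session gets its own random CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_hex(32)}
    return sid


def vulnerable_save(session_id, form):
    """CSRF bug: any request carrying a valid session cookie is accepted,
    so a form auto-submitted from an attacker's site is indistinguishable."""
    if session_id not in SESSIONS:
        return 403, "not logged in"
    CONFIG["chat_code"] = form.get("chat_code", "")
    return 200, "saved"


def vulnerable_render():
    """XSS bug: the stored value is echoed raw into the admin page."""
    return "<textarea>" + CONFIG["chat_code"] + "</textarea>"


def hardened_save(session_id, form):
    """Fix 1: require a per-session anti-CSRF token. A cross-site page cannot
    read the victim's token, so its forged POST fails the comparison."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        return 403, "not logged in"
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, sess["csrf_token"]):
        return 403, "csrf token mismatch"
    CONFIG["chat_code"] = form.get("chat_code", "")
    return 200, "saved"


def hardened_render():
    """Fix 2: HTML-encode on output so markup is displayed, never executed."""
    return "<textarea>" + html.escape(CONFIG["chat_code"], quote=True) + "</textarea>"


def csrf_chain_demo(save, render):
    """Replay the attack against a given save/render pair.

    The victim's browser submits an attacker-built form (the session cookie is
    attached automatically) and the staff page is then rendered. Returns the
    save status and whether a live <script> tag landed in the page."""
    CONFIG["chat_code"] = ""                      # fresh state for each run
    victim = new_admin_session()
    # Constructed payload: breaks out of the textarea and injects script.
    # The attacker's page never learns the victim's CSRF token.
    attacker_form = {"chat_code": "</textarea><script>alert(1)</script>"}
    status, _ = save(victim, attacker_form)
    page = render()
    return status, "<script>" in page


if __name__ == "__main__":
    print("vulnerable:", csrf_chain_demo(vulnerable_save, vulnerable_render))
    print("hardened:  ", csrf_chain_demo(hardened_save, hardened_render))
```

Either fix alone narrows the attack (the token stops the unauthenticated change, the encoding stops the script from running), but both are needed: a legitimately-submitted value must still not execute, and a forged request must still not land, whatever the page does with the value.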

Vulnerable Version:

This vulnerability was tested against HostBill 2014-03-10.

Fixed Version:

This vulnerability was patched in HostBill 2014-03-12.

If you are running HostBill, upgrade to HostBill 2014-03-12, which contains the fix.
