HostBill Admin Chat Generate Code CSRF & XSS Vulnerability

Post author:Kailash
Post published:March 13, 2014
Post category:Security
Post comments:0 Comments

HostBill Admin Chat Generate Code CSRF & XSS Vulnerability

HostBill has released a new version to address few bugs from the previous version. Apart from WHMCS, HostBill is one of the widely used billing and support automation software by many web hosting companies.

Vulnerability Description:

Due to both a CSRF and XSS vulnerability present within the Chat Generate Code configuration page, it is possible for a malicious user to perform an attack against staff accounts with minimal effort.

Vulnerable Version:

This vulnerability was tested against HostBill 2014-03-10.

Fixed Version:

This vulnerability was patched in HostBill 2014-03-12.

If you are using HostBill, it is recommended that you upgrade your version to HostBill 2014-03-12.

HostBill Admin Chat Generate Code CSRF & XSS Vulnerability

You Might Also Like

HostBill Security Update – Patch v2014-01-03 released

Critical 0-day Remote Command Execution Vulnerability in Joomla

vePortal Security Warning – Alternative for vePortal

Leave a Reply Cancel reply