Readsoft Invoice Processing and Process Director Multiple Security Vulnerabilities
BID:69048
Info
| Bugtraq ID: | 69048 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 05 2014 12:00AM |
| Updated: | Aug 05 2014 12:00AM |
| Credit: | J. Greil, M. Hofer, and B. Kopp |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Readsoft Invoice Processing and Process Director are prone to multiple cross-site scripting, information-disclosure and HTML-injection vulnerabilities.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, or to obtain sensitive information. Other attacks are also possible.
Exploit / POC
Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.