Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37137

Sept. 14, 2022, 11:15 a.m. |

National Vulnerability Database nist.gov

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the view ticket function.

cve

Chief Information Security Officer

@ Los Angeles Unified School District | Los Angeles

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

IT Security Engineer

@ Stylitics | New York City

Information Security Engineer

@ VDA Labs | Remote

Information Security Analyst

@ Metropolitan Transportation Commission | San Francisco, CA

Director of Threat Intelligence

@ McDonald's Corporation | Chicago, IL, United States

Senior Principal Security Engineer - EMEA, Remote

@ GoDaddy | EMEA

Network Security Engineer (Starlink)

@ SpaceX | Redmond, WA, United States

Staff, Cloud Security Engineer

@ Twilio | Remote - US

Senior DevSecOps Engineer

@ Ginger | Remote - United States

Sr Professional Consultant I (Top Secret Clearance)

@ Palo Alto Networks | Las Vegas, NV, United States