PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS is obtained by injecting a specially crafted payload into the "Message" field, which is sent as the "description" parameter. The XSS then fires right after that, or can be reached from the view ticket function.
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-14T03:24:01
Updated: 2024-08-03T10:21:33.167Z
Reserved: 2022-08-01T00:00:00
Link: CVE-2022-37137
Vulnrichment
No data.
NVD
Status: Analyzed
Published: 2022-09-14T11:15:50.153
Modified: 2022-09-16T03:19:03.430
Link: CVE-2022-37137
Redhat
No data.