Arbitrary Code Execution via Cross Site Scripting (XSS) in BoxBilling 4.19-4.21

CVE-2020-23647 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.
