Stored XSS Vulnerability in Revenue Collection System v1.0 Allows Arbitrary Code Execution via Crafted Payload in Sent Messages

Stored XSS Vulnerability in Revenue Collection System v1.0 Allows Arbitrary Code Execution via Crafted Payload in Sent Messages

CVE-2022-46968 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages.

Learn more about our Web App Pen Testing.