Exploits / Vulnerability Discovered : 2019-08-01 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Ultimate loan manager 2.0 crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title:Web Studio Ultimate Loan Manager V2.0 - Persistent Cross Site Scripting
# Exploit Author: Metin Yunus Kandemir (kandemir)
# Vendor Homepage: http://www.webstudio.co.zw/
# Software Link: https://codecanyon.net/item/ultimate-loan-manager/19891884
# Version: V2.0
# Category: Webapps
# Software Description : Ultimate Loan Manager is an online loam management system that allows lending businesses to manage their borrowers, loans, repayments, and collections with ease while being affordable at the same time.
# CVE : CVE-2019-14427
==================================================================
#Description:XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.