Reflected XSS in date in fossbilling/fossbilling
Jul 1st 2023
There is a reflected XSS vulnerability on the FOSSBilling admin screen.
Proof of Concept
By accessing the following URL, it is possible to execute any script in the browser of the logged-in administrator user.
'"><img src=x onerror=alert(3)>
An attacker may obtain cookies of logged-in users or perform unauthorized operations on the administrator screen.
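Why the payload above escapes an HTML attribute, and how strict date validation plus output encoding neutralises it, shown as an added example that is not FOSSBilling's code or the reporter's. The function names, the `date` field name and the `<input>` markup are assumptions made for illustration; the sample inputs are constructed, except the last, which is the payload from this report.

```php
<?php
declare(strict_types=1);

// Hypothetical rendering code: a date value from the request is reflected
// into an <input> attribute. Illustrative only, not FOSSBilling source.

// Unsafe pattern: the raw request value is concatenated into the attribute,
// so a quote followed by ">" closes the attribute and the tag.
function render_date_input_unsafe(string $raw): string
{
    return '<input type="text" name="date" value="' . $raw . '">';
}

// Accept only a real calendar date written exactly as Y-m-d.
// The round-trip comparison rejects overflowed dates such as 2023-02-30
// and unpadded forms such as 2023-7-1.
function parse_date_param(string $raw): ?string
{
    $dt = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    if ($dt === false || $dt->format('Y-m-d') !== $raw) {
        return null;
    }
    return $raw;
}

// Hardened pattern: validate first, then encode for the attribute context
// anyway, so the output stays inert even if validation is later relaxed.
function render_date_input_safe(string $raw): string
{
    $date = parse_date_param($raw) ?? '';
    return '<input type="text" name="date" value="'
        . htmlspecialchars($date, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Constructed sample inputs; the last one is the payload from the report.
$samples = ['2023-07-01', '2023-02-30', '\'"><img src=x onerror=alert(3)>'];
foreach ($samples as $s) {
    echo 'input:  ', $s, PHP_EOL;
    echo 'unsafe: ', render_date_input_unsafe($s), PHP_EOL;
    echo 'safe:   ', render_date_input_safe($s), PHP_EOL, PHP_EOL;
}
```

In a Twig template the equivalent of the encoding step is leaving autoescaping on and not marking the value `|raw`.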