Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass

Revenue Collection System version 1.0 suffers from a persistent cross site scripting vulnerability allowing an authenticated client user to add an administrative user account to the application then log in as the newly created admin.

Leave a Reply