Restaurant Management System 1.0 XSS / Session Hijack
by Vince
Disclosure date: 10/24/19
CVE-2019-18415
CVE-2019-18416
Restaurant Management System 1.0 is affected by a cross-site scripting (XSS) vulnerability that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account. The vulnerability can be exploited from both an authenticated and an unauthenticated account.