ModernGigabyte ModernBill Aid Parameter Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

ModernGigabyte ModernBill Aid Parameter Cross-Site Scripting Vulnerability

ModernBill is affected by a cross-site scripting vulnerability.

This issue is due to a failure in the application to properly sanitize user-supplied input to the 'aid' parameter. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

ModernBill 4.3 and prior versions are vulnerable to this issue.