If a user had the “manage plans” permission, they could delete an account, change an email address, or change a password. The id parameter is reportedly accepted by the server without being validated against the logged-in user’s own records, so a logged-in user could potentially delete another user’s account (an insecure direct object reference rather than an input-sanitization bug as such). SACCO Open Source SACCO Management System v1.0 also reportedly has a reflected XSS vulnerability at /sacco_shield/ajax.php?action=edit_plan&id_plan=&_ml_lang=english: a logged-in user could potentially supply a crafted id_plan value and have arbitrary HTML and JavaScript executed in the browser of anyone who views the resulting page.
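The two weaknesses described above, an unchecked id used to delete a record and a request value echoed back into the page, usually come from the same handler pattern. The following is an added illustration written for this page; it is not code from the SACCO Management System, and the table and column names, the session layout, the `manage_plans` permission name and the use of an in-memory SQLite database in place of the application’s own database are all assumptions made for the demo. It shows the vulnerable shape of an `edit_plan`/delete handler next to a hardened version that checks the permission, coerces the id to an integer, enforces ownership inside the DELETE itself and HTML-escapes anything it reflects.

```php
<?php
// Added illustration, not code from the SACCO project. Table/column names, the
// session shape and the has-permission convention are assumptions for this demo.
declare(strict_types=1);

// Constructed fixture: an in-memory SQLite database standing in for the app's DB.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE plans (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO plans (id, owner_id, name) VALUES (1, 10, 'alice plan'), (2, 20, 'bob plan')");

// Assumed session: the logged-in user's id and the permissions granted to them.
$session = ['user_id' => 10, 'perms' => ['manage_plans']];

/**
 * Vulnerable pattern mirroring the write-up: the id from the request is used
 * as-is, so any logged-in user can delete any row (IDOR), the SQL is built by
 * string concatenation, and id_plan is reflected into the response unescaped
 * (reflected XSS).
 */
function delete_plan_vulnerable(PDO $pdo, array $get): string
{
    $id = $get['id'];                                  // no type, ownership or permission check
    $pdo->exec("DELETE FROM plans WHERE id = $id");    // attacker-controlled SQL fragment
    return 'Deleted plan ' . $get['id_plan'];          // attacker-controlled HTML
}

/**
 * Hardened version: permission check, strict integer coercion, ownership
 * enforced in the WHERE clause with bound parameters, and HTML-escaped output.
 */
function delete_plan_hardened(PDO $pdo, array $session, array $get): string
{
    if (!in_array('manage_plans', $session['perms'], true)) {
        return 'Forbidden';
    }
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'Bad request';
    }
    // Ownership is part of the statement itself, so there is no separate check to race.
    $stmt = $pdo->prepare('DELETE FROM plans WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $session['user_id']]);
    if ($stmt->rowCount() === 0) {
        // Same answer whether the row is missing or belongs to someone else,
        // so the endpoint cannot be used to enumerate other users' plan ids.
        return 'Not found';
    }
    return 'Deleted plan ' . htmlspecialchars((string) $id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed request: user 10 (Alice) targets Bob's plan and smuggles a script tag.
$request = ['id' => '2', 'id_plan' => '<script>alert(1)</script>'];

// Hardened handler refuses to touch a plan Alice does not own.
echo delete_plan_hardened($pdo, $session, $request), "\n";
// Hardened handler lets Alice delete her own plan and escapes what it reflects.
echo delete_plan_hardened($pdo, $session, ['id' => '1', 'id_plan' => 'x']), "\n";
// Vulnerable handler deletes Bob's plan and reflects the script tag verbatim.
echo delete_plan_vulnerable($pdo, $request), "\n";
```

Run it with the PHP CLI (`php demo.php`); it needs only the bundled PDO SQLite driver. The hardened handler fixes the IDOR by making the caller’s identity part of the query, not by sanitizing the id, which is why the write-up’s “not sanitized” description understates the root cause: even a perfectly numeric id is still someone else’s id.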

SACCO Management System v2.0

The SACCO Management System v2.0 is no longer vulnerable to these issues.

SACCO Management System v1.0:

A Vulnerability
SocialCxN is a social media management platform designed for businesses to manage their social media initiatives. It has over 1,000 clients in 40 countries across the world. The SocialCxN software v1.0 was released on February 26, 2016 and had an XSS vulnerability at /sacco_shield/ajax.php?action=edit_plan&id_plan=&_ml_lang=english. This vulnerability was discovered on February 27, 2016 and fixed before release on March 1, 2016.

Timeline

Published on: 10/12/2022 00:15:00 UTC
Last modified on: 10/13/2022 14:08:00 UTC
