Hello. Somebody tell me that A2billing is not secured for XSS attack. For example please log into your account and click VOUCHER menu. You see address:
http://localhost/A2B_entity_voucher.php ... §ion=3 . Now simply remove all data after = sign to look like that:
http://localhost/A2B_entity_voucher.php?form_action= and put the code example
http://localhost/A2B_entity_voucher.php ... %22test%22);%3C/script%3E .
You will see ALERT. the same is in call history file. that guy who find that tell me also there's also something wrong in SQL but he dont tell me where. But he tell me that is possible to make SQL query usign XSS attack on that 2 links what I show at up. Please for help. Bye