CVE-2015-3319
https://notcve.org/view.php?id=CVE-2015-3319
Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
• http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2015/Apr/18
• http://www.securityfocus.com/archive/1/535186/100/0/threaded
• http://www.securityfocus.com/bid/74205
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-2781 – HotExBilling Manager 73 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-2781
Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. HotExBilling Manager version 73 suffers from a cross site scripting vulnerability.
• http://packetstormsecurity.com/files/131297/HotExBilling-Manager-73-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2015/Apr/18
• http://www.securityfocus.com/archive/1/535186/100/0/threaded
• http://www.securityfocus.com/bid/73941
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')