Description
Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Matteo Ignaccolo · text · webapps · jsp
https://www.exploit-db.com/exploits/32708
References (5)
Core References
Exploit · x_refsource_misc
http://www.securenetwork.it/ricerca/advisory/download/SN-2008-04.txt
Exploit · mailing-list · x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2009-01/0032.html
Third Party Advisory · mailing-list · x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2009-01/0054.html
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47795
Exploit · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/33153
Scores
EPSS
0.0044
EPSS Percentile
63.4%
Details
CWE
CWE-79
Status
published
Products (1)
plunet/business_manager
< 4.1
Published
Feb 23, 2009
Tracked Since
Feb 18, 2026