This is a technical writeup detailing multiple vulnerabilities in Tickets CAD 2.20G, including Reflective/Stored XSS, information disclosure, and CSRF. It provides proof-of-concept payloads, patch suggestions, and a CSRF exploit example.
Classification
Writeup 90%
Attack Type
XSS | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Tickets CAD 2.20G
Auth required
Prerequisites: Access to the application with guest credentials