CVE-2018-11090
Description
An XSS vulnerability in MyBiz MyProcureNet 5.0.0's ProxyPage.aspx allows authenticated attackers to inject malicious scripts executed in victims' browsers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An XSS vulnerability exists in ProxyPage.aspx of MyBiz MyProcureNet version 5.0.0. The issue allows an attacker to inject malicious client-side scripting. Exploitation requires an authenticated session, but registration for the application is typically open to anyone [1].
Exploitation
An attacker must first obtain a valid authenticated session (registration is open). The attacker then crafts a malicious URL or input to ProxyPage.aspx containing the XSS payload. When a victim user visits the manipulated page, the script executes in their browser [1].
Impact
Successful exploitation enables the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim [1].
Mitigation
The vendor has not responded to inquiries since February 2018, and no patch or workaround has been released. SEC Consult recommends not using this product until a thorough security review has been performed and all identified issues are resolved [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =5.0.0
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- seclists.org/fulldisclosure/2018/May/32 (mitre, x_refsource_MISC)
- www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/ (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.