AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload.
References
Link | Resource |
---|---|
https://compass-security.com/fileadmin/Research/Advisories/2020-12_CSNC-2019-013_AdRem_NetCrunch_Cross-Site_Scripting_XSS.txt | Exploit Third Party Advisory |
https://www.adremsoft.com/support/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-16T17:01:52
Updated: 2020-12-16T17:01:52
Reserved: 2019-08-01T00:00:00
Link: CVE-2019-14478
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-16T17:15:12.890
Modified: 2020-12-17T16:32:03.080
Link: CVE-2019-14478
JSON object: View
Redhat Information
No data.
CWE