AudimexEE before 14.1.1 is vulnerable to reflected cross-site scripting (XSS). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via the 'action', 'cargo', and 'panel' parameters, which can lead to data leakage.
References
Link | Resource |
---|---|
https://github.com/piuppi/Proof-of-Concepts/blob/main/AudimexEE/Reflected-XSS.md | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-05T14:57:26
Updated: 2020-11-05T14:57:26
Reserved: 2020-11-02T00:00:00
Link: CVE-2020-28047
NVD Information
Status: Analyzed
Published: 2020-11-05T15:15:38.923
Modified: 2020-11-10T18:33:17.353
Link: CVE-2020-28047
Redhat Information
No data.
CWE