Description
Special characters in users' input are not filtered on the ERP POS news page, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customer information.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:junhetec:enterprise_resource_planning_point_of_sale_system:2013.10:*:*:*:*:*:*:*
EPSS
Percentile: 51%
0.00275
Low
4.6 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Weaknesses
CWE-79
Related vulnerabilities
github
more than 3 years ago
Special characters in users' input are not filtered on the ERP POS news page, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customer information.