CVE-2014-2971

Name of the Vulnerable Software and Affected Versions MicroPact iComplaints versions prior to 8.0.2.1.8.8014

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via the description parameter in the AddStdLetter.jsp file.

Recommendations For versions prior to 8.0.2.1.8.8014, update to version 8.0.2.1.8.8014 or later to resolve the issue. As a temporary workaround, consider restricting access to the AddStdLetter.jsp file or validating and sanitizing the description parameter to prevent malicious input.