CVE-2017-13754

Name of the Vulnerable Software and Affected Versions Wibu-Systems CodeMeter versions prior to 6.50b

Description A cross-site scripting (XSS) issue exists in the "advanced settings - time server" module, allowing remote attackers to inject arbitrary web script or HTML via the server name field in the "actions/ChangeConfiguration.html" endpoint.

Recommendations For versions prior to 6.50b, update to version 6.50b or later to resolve the issue. As a temporary workaround, consider restricting access to the "actions/ChangeConfiguration.html" endpoint to minimize the risk of exploitation. Avoid using the server name field in the affected module until the issue is resolved.