CVE-2017-16841

Name of the Vulnerable Software and Affected Versions LanSweeper version 6.0.100.75

Description The issue is related to a security problem where an attacker can inject malicious code via the description parameter to the "/Calendar/CalendarActions.aspx" API endpoint. This allows for potential code execution on the client-side.

Recommendations For LanSweeper version 6.0.100.75, avoid using the description parameter in the "/Calendar/CalendarActions.aspx" endpoint until a fix is available. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.