CVE-2017-16919

Name of the Vulnerable Software and Affected Versions MapOS versions 3.1.11 and earlier

Description The issue is related to a Stored Cross-site Scripting (XSS) vulnerability. It affects the "/clientes/visualizar" API endpoint, allowing remote attackers to inject arbitrary web script or HTML via a crafted description parameter.

Recommendations For MapOS versions 3.1.11 and earlier, as a temporary workaround, consider restricting access to the "/clientes/visualizar" endpoint until a patch is available. Avoid using the description parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.