CVE-2018-11090

Name of the Vulnerable Software and Affected Versions MyBiz MyProcureNet version 5.0.0

Description A cross-site scripting (XSS) issue was found, allowing an attacker to inject malicious client-side scripting into the "ProxyPage.aspx" page. This scripting will be executed in the browser of users who visit the manipulated site.

Recommendations For MyBiz MyProcureNet version 5.0.0, consider restricting access to the "ProxyPage.aspx" page until a fix is available. As a temporary workaround, avoid using the page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.