CVE-2018-14924

Name of the Vulnerable Software and Affected Versions Matera Banco version 1.0.0

Description The issue concerns multiple stored XSS vulnerabilities. Specifically, the "Nome Completo" (aka user fullname) field in the /sca/privilegio/consultarUsuario.jsf endpoint is vulnerable.

Recommendations For Matera Banco version 1.0.0, as a temporary workaround, consider restricting access to the /sca/privilegio/consultarUsuario.jsf endpoint until a patch is available. Avoid using the Nome Completo field in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.