CVE-2018-20611

Name of the Vulnerable Software and Affected Versions imcat version 4.4

Description The issue allows for XSS via a crafted cookie to the "/tools/adbug/binfo.php?cookie" API endpoint. This can be exploited by manipulating the cookie variable.

Recommendations For imcat version 4.4, as a temporary workaround, consider restricting access to the "/tools/adbug/binfo.php?cookie" API endpoint until a patch is available. Avoid using the cookie variable in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.