CVE-2018-7997

Name of the Vulnerable Software and Affected Versions: Eramba version 1.0.6.033

Description: The issue concerns a Reflected XSS on the Error page of the CSV file inclusion tab, specifically when accessing the /importTool/preview URI with a maliciously crafted CSV file containing JavaScript code.

Recommendations: For version 1.0.6.033, as a temporary workaround, consider restricting access to the /importTool/preview URI until a patch is available. Avoid using the CSV file inclusion tab in the import tool until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.