Name of the Vulnerable Software and Affected Versions Dr.Web Enterprise Security Suite (affected versions not specified)

Description The issue exists due to inadequate protection of the web page structure in the "Security Control Center" component. This could allow a remote attacker to execute arbitrary HTML code in the user's browser by placing it in the remove flag on parameter of the notifications.ds file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.