PT-2019-11512 · Genetechsolutions · Pie Register

Socket_0X03

Publicado

2019-07-23

Atualizado

2019-07-29

CVE-2019-1010207

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Genetechsolutions Pie Register version 3.0.15

Description: The issue allows for Cross Site Scripting (XSS), which can lead to the stealing of session cookies. The vulnerable component is the Login file, specifically the parameters interim-login, wp-lang, and the supplied URL. An attacker can exploit this by tricking a victim into clicking a malicious link, thereby gaining access to the victim's account.

Recommendations: For Genetechsolutions Pie Register version 3.0.15, update to version 3.0.16 to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-1010207

Produtos afetados

Pie Register

PT-2019-11512 · Genetechsolutions · Pie Register

CVE-2019-1010207

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5