PT-2019-14630 · Nch · Nch Express Accounts Accounting
Published: 2019-10-17 · Updated: 2019-10-21
CVE-2019-16330
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
NCH Express Accounts Accounting version 7.02
Description
The issue concerns a persistent cross-site scripting (XSS) flaw in the input fields for Invoices, Sales Orders, Items, Customers, and Quotes. An authenticated, unprivileged user can modify these fields to inject arbitrary JavaScript code.
Recommendations
For NCH Express Accounts Accounting version 7.02, consider restricting access to the input fields for Invoices, Sales Orders, Items, Customers, and Quotes to prevent arbitrary JavaScript injection until a patch is available.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Nch Express Accounts Accounting