CVE-2019-17324

Name of the Vulnerable Software and Affected Versions ClipSoft REXPERT versions 1.0.0.527 and earlier

Description The issue allows directory traversal through a special HTTP POST request with ../ characters, potentially leading to the creation of malicious HTML files by injecting crafted template content. User interaction is required, where the target must visit a malicious web page to exploit this issue.

Recommendations For ClipSoft REXPERT versions 1.0.0.527 and earlier, consider restricting access to the HTTP POST request endpoint to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid using the ../ characters in the HTTP POST requests to prevent directory traversal.