PT-2019-15274 · Zucchetti · Zucchetti Infobusiness

Published: 2019-10-30 · Updated: 2019-11-01 · CVE-2019-18205

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Zucchetti InfoBusiness versions prior to 4.4.1
Description: Multiple reflected cross-site scripting (XSS) vulnerabilities. The browsing component did not properly sanitize user input, which was encoded in base64. The search functionality is also affected, specifically through the searchKey parameter.
Recommendations: For versions prior to 4.4.1, update to a version later than 4.4.1 to resolve the issue. As a temporary workaround, consider restricting the use of the browsing component and search functionality until a patch is available. Avoid using the searchKey parameter in the affected search functionality until the issue is resolved.
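
Added example (not Zucchetti code; the function names, the input filter and the HTML fragment are assumptions made for illustration): a base64-encoded parameter passes a filter that only inspects the raw request value, so the decoded text has to be escaped for the HTML context at output time. The sample value is constructed and carries a harmless marker tag.

```python
import base64
import binascii
import html

# Constructed sample: a harmless marker tag, base64-encoded as a request value.
SAMPLE = base64.b64encode(b'<b id="probe">x</b>').decode()


def raw_value_filter(param: str) -> bool:
    """Hypothetical input filter that only inspects the raw (still encoded) value."""
    return not any(ch in param for ch in "<>\"'")


def decode_param(param: str) -> str:
    """Strictly decode a base64 parameter; reject anything malformed."""
    try:
        return base64.b64decode(param, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed parameter") from exc


def render_before(param: str) -> str:
    """'Before' pattern: the decoded value is reflected into HTML unescaped."""
    if not raw_value_filter(param):
        raise ValueError("rejected by input filter")
    return "<p>Browsing: " + decode_param(param) + "</p>"


def render_after(param: str) -> str:
    """Hardened pattern: escape after decoding, when the value enters the page."""
    return "<p>Browsing: " + html.escape(decode_param(param), quote=True) + "</p>"


if __name__ == "__main__":
    print(raw_value_filter(SAMPLE))  # the encoded form contains no markup characters
    print(render_before(SAMPLE))     # marker tag reaches the page as markup
    print(render_after(SAMPLE))      # marker tag is rendered as inert text
```

The same escaping applies to a plain-text value such as searchKey, where no decoding step is involved.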

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-18205

Affected Products

Zucchetti Infobusiness