PT-2019-15276 · Zucchetti · Zucchetti Infobusiness

Published

2019-10-30

Updated

2019-11-06

CVE-2019-18207

CVSS v3.1

5.4

Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zucchetti InfoBusiness versions prior to 4.4.2

Description

The issue allows an authenticated user to inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component. This code injection is triggered every time a user browses the reports page.

Recommendations

For versions prior to 4.4.2, update to version 4.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the reports page or validating user input in the Title field to minimize the risk of code injection.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-18207

Affected Products

Zucchetti Infobusiness