CVE-2019-5286

Name of the Vulnerable Software and Affected Versions HedEx Lite versions earlier than V200R006C00SPC007

Description The issue is related to a reflection XSS vulnerability in HedEx products, where remote attackers can send malicious links to users, tricking them into clicking, which can initiate XSS attacks. The vulnerability is also described as being related to the failure to protect the web page structure, allowing a remote attacker to perform cross-site scripting attacks using a malicious link.

Recommendations For HedEx Lite versions earlier than V200R006C00SPC007, update to version V200R006C00SPC007 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or links to minimize the risk of exploitation. Avoid using links from untrusted sources in the affected HedEx Lite versions until the issue is resolved.