CVE-2020-16270

Name of the Vulnerable Software and Affected Versions OLIMPOKS versions under 3.3.39

Description The issue allows a remote attacker to inject malicious JavaScript payload into a victim's browser, potentially stealing administrator cookies, influencing HTML content, and performing phishing attacks. This affects over 3000 organizations across various sectors. The vulnerability is related to the lack of protection for the web page structure, allowing an attacker to execute arbitrary code.

Recommendations For versions under 3.3.39, update to version 3.3.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable application to minimize the risk of exploitation.