CVE-2018-18692

Name of the Vulnerable Software and Affected Versions Semcosoft version 5.3

Description A reflected Cross-Site scripting issue allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the "Login Form" API endpoint.

Recommendations For Semcosoft version 5.3, consider validating and sanitizing user input for the username parameter in the Login Form to prevent arbitrary script injection. As a temporary workaround, restrict access to the Login Form until a patch is available.