PT-2023-23289 · Unknown · Sesami Cash Point & Transport Optimizer

Marcus Nilsson

Publicado

2023-12-28

Atualizado

2024-01-08

CVE-2023-31302

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6

Description A Cross Site Scripting (XSS) issue allows remote attackers to execute arbitrary code via the Teller field. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions.

Recommendations For Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6, consider disabling the Teller field functionality until a patch is available to prevent exploitation. Additionally, restrict access to sensitive areas of the application to minimize the risk of arbitrary code execution.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-31302

Produtos afetados

Sesami Cash Point & Transport Optimizer

PT-2023-23289 · Unknown · Sesami Cash Point & Transport Optimizer

CVE-2023-31302

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5