PT-2025-10962 · Unknown · Bcs Website Solutions Insert Code

Abdi Pranata

Publicado

2025-03-11

Atualizado

2025-03-13

CVE-2025-28932

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: BCS Website Solutions Insert Code versions n/a through 2.4

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS.

Recommendations: For versions n/a through 2.4, update to a version that fixes the CSRF vulnerability to prevent Stored XSS attacks. As a temporary workaround, consider restricting access to sensitive areas of the Insert Code module to minimize the risk of exploitation.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2025-28932

Produtos afetados

Bcs Website Solutions Insert Code

PT-2025-10962 · Unknown · Bcs Website Solutions Insert Code

CVE-2025-28932

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5