Nexor · Nexorone Online Banking · CVE-2012-1020
**Name of the Vulnerable Software and Affected Versions**
NexorONE Online Banking (affected versions not specified)
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerable parameters are the `visitor language` parameter to the "register.php" endpoint and the `message` parameter.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.