PT-2018-10301 · Mybiz · Myprocurenet

Ahmad Ramadhan Amizudin

Published

2018-05-14

Updated

2018-06-18

CVE-2018-11090

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MyBiz MyProcureNet version 5.0.0

Description A cross-site scripting (XSS) issue was found, allowing an attacker to inject malicious client-side scripting into the "ProxyPage.aspx" page. This scripting will be executed in the browser of users who visit the manipulated site.

Recommendations For MyBiz MyProcureNet version 5.0.0, consider restricting access to the "ProxyPage.aspx" page until a fix is available. As a temporary workaround, avoid using the page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-11090

Affected Products

Myprocurenet

PT-2018-10301 · Mybiz · Myprocurenet

CVE-2018-11090

Weakness Enumeration

Related Identifiers

Affected Products

References · 4