PT-2018-12566 · Xiao5Ucompany · Feedback.Asp+2

Published 2018-07-23 · Updated 2018-09-18 · CVE-2018-14527

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Xiao5uCompany version 1.7

Description

The issue arises from an insufficient XSS protection mechanism in Safe.asp, which handles SCRIPT and IMG elements but fails to consider certain other elements, such as VIDEO. This oversight can lead to XSS attacks.

Recommendations

For version 1.7, update the Safe.asp file to include proper validation and sanitization of all elements, including VIDEO, to prevent XSS attacks. As a temporary workaround, consider disabling the Feedback.asp page until a patch is available. Restrict access to the Feedback.asp page to minimize the risk of exploitation.
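
The gap described above, as an added example that is not code from Xiao5uCompany or from this advisory: a Python model that assumes Safe.asp works as an element denylist covering SCRIPT and IMG, and compares it with HTML-encoding the feedback text on output. The function names and the sample submissions are constructed for illustration.

```python
import html
import re

# Hypothetical model of an element denylist; the real Safe.asp source is not on this page.
DENYLISTED_ELEMENTS = ("script", "img")

def denylist_filter(value: str) -> str:
    """Strip only the denylisted elements, as the advisory describes Safe.asp doing."""
    for name in DENYLISTED_ELEMENTS:
        # Remove opening and closing tags of this element, case-insensitively.
        value = re.sub(rf"</?\s*{name}\b[^>]*>", "", value, flags=re.IGNORECASE)
    return value

def encode_for_html(value: str) -> str:
    """HTML output encoding: every element, known or not, becomes inert text."""
    return html.escape(value, quote=True)

def contains_markup(rendered: str) -> bool:
    """True if any live HTML tag survives in the string sent to the browser."""
    return re.search(r"<\s*/?\s*[a-zA-Z][^>]*>", rendered) is not None

# Constructed feedback submissions (inert: no event handlers or script bodies).
SAMPLES = {
    "script": "<script></script>hello",
    "img": 'hi <IMG src="x">',
    "video": 'hi <video src="x"></video>',
    "plain": "2 < 3 and 5 > 4",
}

def audit(filter_fn):
    """Return the sample names whose filtered output still contains live markup."""
    return sorted(n for n, s in SAMPLES.items() if contains_markup(filter_fn(s)))

if __name__ == "__main__":
    print("denylist lets through:", audit(denylist_filter))
    print("encoding lets through:", audit(encode_for_html))
```

In classic ASP the output-encoding step corresponds to calling Server.HTMLEncode on the stored feedback wherever it is written into a page.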

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-14527

Affected Products

Feedback.Asp
Safe.Asp
Xiao5Ucompany