Name of the Vulnerable Software and Affected Versions Dr.Web Enterprise Security Suite (affected versions not specified)

Description The issue exists due to inadequate protection of the web page structure in the "Центр управления безопасностью" component. This could allow a remote attacker to execute arbitrary HTML code in the user's browser by placing it in the cut parameter of the sql editor.ds file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.