PT-2019-11512 · Genetechsolutions · Pie Register
Socket_0X03
·
Published
2019-07-23
·
Updated
2019-07-29
·
CVE-2019-1010207
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Genetechsolutions Pie Register version 3.0.15
Description:
The issue allows for Cross Site Scripting (XSS), which can lead to the stealing of session cookies. The vulnerable component is the Login file, specifically the parameters
interim-login, wp-lang, and the supplied URL. An attacker can exploit this by tricking a victim into clicking a malicious link, thereby gaining access to the victim's account.Recommendations:
For Genetechsolutions Pie Register version 3.0.15, update to version 3.0.16 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pie Register