CVE-2019-11643

Name of the Vulnerable Software and Affected Versions OneShield Policy (Dragon Core) versions prior to 5.1.10

Description A persistent XSS issue has been identified, allowing remote adversaries to inject malicious JavaScript into textboxes decorated with type string. This malicious code is stored in the applicable data store and can be exploited remotely by both authenticated and unauthenticated users.

Recommendations For versions prior to 5.1.10, update to version 5.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to textboxes that allow string input to minimize the risk of exploitation.