PT-2019-12746 · Sandline · Sandline Centraleyezer

Published

2019-11-18

Updated

2019-11-21

CVE-2019-12311

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Sandline Centraleyezer (On Premises) (affected versions not specified)

Description The issue allows for Unrestricted File Upload, leading to Stored XSS. This means an HTML page running a script could be uploaded to the server. When a victim attempts to download a CISO Report template, the script is loaded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-12311

Affected Products

Sandline Centraleyezer

PT-2019-12746 · Sandline · Sandline Centraleyezer

CVE-2019-12311

Weakness Enumeration

Related Identifiers

Affected Products

References · 3