PT-2019-13104 · Sahi · Sahi Pro

Published: 2019-10-29 · Updated: 2019-11-06 · CVE-2019-13066

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Sahi Pro version 8.0.0

Description: The issue is a reflected XSS vulnerability in the script manager area, located at s /dyn/pro/DBReports. It can be triggered by updating specific fields, including Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment. The sql parameter can also be used to trigger this issue.

Recommendations: For Sahi Pro version 8.0.0, consider restricting access to the s /dyn/pro/DBReports area and avoid using the sql parameter on the affected endpoint until a fix is available. As a temporary workaround, restrict updates to the Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment fields to reduce the risk of exploitation.
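An added detection example, not from the advisory or from Sahi: it scans web-server access logs for requests to the affected DBReports endpoint that either carry the sql parameter or contain HTML metacharacters in any query value, including double-encoded ones. The log layout, source addresses, timestamps and the "comment" parameter name are constructed for the example; the advisory itself names only the sql parameter and matches the endpoint by path suffix.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Affected endpoint from the advisory, matched as a path suffix because the
# prefix before /dyn/pro/DBReports is not legible on the advisory page.
AFFECTED_PATH = "/dyn/pro/DBReports"
NAMED_PARAM = "sql"  # the only query parameter the advisory names as a trigger
# Crude reflected-XSS indicators (tags, inline event handlers, javascript: URLs); for triage, not blocking.
XSS_PATTERN = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:", re.I)
# Common/combined access-log layout: src ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def inspect_request(target):
    """Return (param, reason) findings for one request-line target, or [] if clean."""
    parts = urlsplit(target)
    if not parts.path.endswith(AFFECTED_PATH):
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = unquote_plus(value)  # second decode catches double-encoded values
        if name == NAMED_PARAM:
            findings.append((name, "sql parameter used on affected endpoint"))
        if XSS_PATTERN.search(value):
            findings.append((name, "HTML/script metacharacters in value"))
    return findings

def scan_log(lines):
    """Return (src, timestamp, param, reason) tuples for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # line in a different format; skip it
        for param, reason in inspect_request(m.group("target")):
            hits.append((m.group("src"), m.group("ts"), param, reason))
    return hits

# Constructed sample log lines; addresses, times and the "comment" parameter
# name are made up for the example (the advisory does not give field parameter names).
SAMPLE_LOG = [
    '10.0.0.5 - - [29/Oct/2019:10:00:00 +0000] "GET /dyn/pro/DBReports?sql=select+1 HTTP/1.1" 200 512',
    '10.0.0.7 - - [29/Oct/2019:10:01:00 +0000] "GET /dyn/pro/DBReports?comment=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 812',
    '10.0.0.8 - - [29/Oct/2019:10:02:00 +0000] "GET /dyn/pro/DBReports?comment=nightly+run HTTP/1.1" 200 640',
    '10.0.0.7 - - [29/Oct/2019:10:04:00 +0000] "GET /dyn/pro/DBReports?comment=%253Cimg+src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 812',
]
```

Any use of the sql parameter is reported for review rather than treated as an attack, since the advisory recommends avoiding the parameter altogether until a fix ships.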

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2019-13066

Affected Products: Sahi Pro