PT-2019-14993 · Totemodata · Totemodata
Fabio Poloni · Published 2019-10-22 · Updated 2019-10-22 · CVE-2019-17189
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
totemodata version 3.0.0 b936
Description
totemodata 3.0.0 b936 is affected by a Cross-Site Scripting (XSS) vulnerability that can be exploited via a folder name.
Recommendations
For totemodata version 3.0.0 b936, avoid using user-supplied input for folder names until a fix is available. As a temporary workaround, consider validating and sanitizing all folder names to prevent XSS attacks.
Affected Products
Totemodata