PT-2019-15087 · Clipsoft · Clipsoft Rexpert
Published
2019-10-30
·
Updated
2019-11-01
·
CVE-2019-17324
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ClipSoft REXPERT versions 1.0.0.527 and earlier
Description
The issue allows directory traversal through a special HTTP POST request with ../ characters, potentially leading to the creation of malicious HTML files by injecting crafted template content. User interaction is required, where the target must visit a malicious web page to exploit this issue.
Recommendations
For ClipSoft REXPERT versions 1.0.0.527 and earlier, consider restricting access to the HTTP POST request endpoint to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid using the ../ characters in the HTTP POST requests to prevent directory traversal.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Clipsoft Rexpert