PT-2019-15274 · Zucchetti · Zucchetti Infobusiness

Published: 2019-10-30 · Updated: 2019-11-01 · CVE-2019-18205

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Zucchetti InfoBusiness versions prior to 4.4.1

Description

Multiple reflected cross-site scripting (XSS) vulnerabilities. The browsing component did not properly sanitize user input that was encoded in base64. The vulnerability also affects the search functionality, specifically the searchKey parameter.

Recommendations

For versions prior to 4.4.1, update to a version later than 4.4.1 to resolve the issue. As a temporary workaround, consider restricting the use of the browsing component and search functionality until a patch is available. Avoid using the searchKey parameter in the affected search functionality until the issue is resolved.
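
The description's point about base64-encoded input, as an added example (not vendor code): a filter that inspects only the raw encoded parameter sees nothing suspicious, so the value has to be strictly decoded and then HTML-escaped where it is reflected. All function names and the sample value are assumptions constructed for illustration.

```python
import base64
import binascii
import html

# Constructed sample: a harmless marker string, base64-encoded as a client would send it.
SAMPLE = base64.b64encode(b"<script>alert(1)</script>").decode()


def naive_filter_passes(raw_param: str) -> bool:
    """Hypothetical input filter that only looks at the raw (still encoded) value.

    The base64 alphabet never contains <, >, or quotes, so this always passes.
    """
    return not any(c in raw_param for c in "<>\"'")


def decode_param(raw_param: str, max_len: int = 256) -> str:
    """Strictly decode a base64 parameter; reject malformed or oversized input."""
    try:
        text = base64.b64decode(raw_param, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed parameter") from exc
    if len(text) > max_len:
        raise ValueError("parameter too long")
    return text


def render_vulnerable(raw_param: str) -> str:
    """'Before': the decoded value is reflected into the page verbatim."""
    return "<p>Results for: " + decode_param(raw_param) + "</p>"


def render_hardened(raw_param: str) -> str:
    """'After': escape the decoded value for the HTML context at output time."""
    return "<p>Results for: " + html.escape(decode_param(raw_param), quote=True) + "</p>"


if __name__ == "__main__":
    print("raw filter passes:", naive_filter_passes(SAMPLE))
    print("vulnerable:", render_vulnerable(SAMPLE))
    print("hardened:  ", render_hardened(SAMPLE))
```

Escaping must happen after decoding and at the point of output; escaping the encoded form has no effect on what the browser finally receives.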

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-18205

Affected Products

Zucchetti Infobusiness