CVE-2019-18926

Name of the Vulnerable Software and Affected Versions Systematic IRIS Standards Management (ISM) version v2.1 SP1 89

Description The issue allows for unauthenticated reflected Cross Site Scripting (XSS) attacks. A user input related to dialog information is reflected directly in the web page, enabling a malicious user to conduct a Cross Site Scripting attack against users of the application.

Recommendations For version v2.1 SP1 89, consider restricting user input related to dialog information to prevent reflected XSS attacks until a patch is available. As a temporary workaround, restrict access to the web page that reflects user input to minimize the risk of exploitation.