PT-2020-10199 · Halvotec · Raquest
Dominique Righetto +1 · Published 2020-03-16 · Updated 2020-06-25 · CVE-2019-19612
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Halvotec RaQuest versions prior to 24.2020.20608.0. Version 10.23.10801.0 is affected; the fixed version is 24.2020.20608.0, so all versions prior to it are vulnerable.
Description
An issue was discovered in the application that allows stored Cross-site Scripting (XSS) due to several vulnerable features. The vendor does not recognize this issue and will not provide a patch.
Recommendations
For versions prior to 24.2020.20608.0, update to version 24.2020.20608.0 or later to resolve the issue. As a temporary workaround, consider restricting access to features that allow user input to minimize the risk of stored Cross-site Scripting (XSS) exploitation.
Fix
XSS
Affected Products
Raquest