PT-2020-13058 · Fifthplay · Fifthplay S.A.M.I
Gjoko Krstic · Published 2020-04-23 · Updated 2020-05-04 · CVE-2020-12132
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Fifthplay S.A.M.I versions prior to 2019.3 HP2
Description
The issue allows unauthenticated stored cross-site scripting (XSS) via a POST request, which can lead to the execution of malicious scripts on the client side.
Recommendations
For versions prior to 2019.3 HP2, update to version 2019.3 HP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the POST request endpoint to minimize the risk of exploitation. Avoid using the vulnerable endpoint until the issue is resolved.
Fix
XSS
Affected Products
Fifthplay S.A.M.I