PT-2020-13093 · Ismartgate · Ismartgate Pro

Published 2020-09-24 · Updated 2020-09-27 · CVE-2020-12282

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: iSmartgate PRO version 1.5.9

Description: A CSRF vulnerability in the user-search form, exploitable via the busca parameter of the "/index.php" endpoint. Because the parameter value is reflected into the response, the CSRF can be chained with reflected XSS.

Recommendations: For iSmartgate PRO version 1.5.9, implement proper CSRF protection, such as token-based validation of every state-changing form submission. As a temporary workaround, restrict access to the "/index.php" endpoint to reduce the exposure, and avoid using the busca parameter in the affected form until the issue is resolved.
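The token-based validation recommended above, as an illustration added here (not iSmartgate's code): a minimal PHP handler for a user-search form that takes a `busca` parameter, with a per-session CSRF token checked in constant time and HTML encoding of the reflected value so the CSRF cannot be chained with XSS. Field names (`csrf_token`), the session key, and the assumption that the search is submitted by POST are hypothetical.

```php
<?php
// Added illustration, not iSmartgate's code. Hypothetical field and session
// names; assumes the search form is submitted by POST to /index.php.
declare(strict_types=1);

session_start();

// Issue one unpredictable token per session; the form embeds it as a hidden field.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or mismatched token rejects the request,
// which is what a cross-site forged form submission will produce.
function csrfTokenIsValid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// HTML-encode anything reflected into the page; this closes the XSS chaining.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfTokenIsValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: invalid CSRF token');
    }
    $busca = (string)($_POST['busca'] ?? '');
    // ... run the user search with a parameterised query here ...
    echo '<p>Results for: ' . h($busca) . '</p>';
}
?>
<form method="post" action="/index.php">
  <input type="hidden" name="csrf_token" value="<?= h(csrfToken()) ?>">
  <input type="text" name="busca" placeholder="Search users">
  <button type="submit">Search</button>
</form>
```

Pairing the token check with a SameSite cookie attribute and output encoding gives defence in depth: the token stops the forged request, and the encoding ensures that even a reflected value renders as text rather than script.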

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2020-12282

Affected Products

Ismartgate Pro