PT-2020-15004 · Multiux · Multiux

Published: 2020-09-02 · Updated: 2020-09-08 · CVE-2020-17458

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MultiUx version 3.1.12.0

Description

A post-authentication stored XSS issue was discovered that can potentially be exploited via the "LastName" field in the /multiux/SaveMailbox API endpoint.

Recommendations

For MultiUx version 3.1.12.0, consider restricting access to the /multiux/SaveMailbox API endpoint until a fix is available, and avoid using the LastName field in this endpoint to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-17458

Affected Products

Multiux