CVE-2020-21731

Name of the Vulnerable Software and Affected Versions Gazie version 7.29

Description The issue allows for Cross Site Scripting (XSS) via the "http://192.168.100.7/gazie/modules/config/admin utente.php" endpoint, specifically through the user name variable. An attacker can inject JavaScript code, which is then stored by the web application.

Recommendations For Gazie version 7.29, as a temporary workaround, consider restricting access to the admin utente.php endpoint until a patch is available. Avoid using the user name variable in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.