PT-2020-16468 · Sage · Sage Dpw

Published: 2020-10-16 · Updated: 2020-10-27 · CVE-2020-26584

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Sage DPW versions prior to 2020 06 002

Description

An issue was discovered that allows for Reflected XSS in the search field "Kurs suchen" on the Kurskatalog page. This can be exploited if an attacker lures a user into clicking a crafted link, allowing the execution of arbitrary JavaScript code in the user's browser. The issue can be used to change the site's contents, redirect users to other sites, or steal user credentials. Users may also be vulnerable to browser exploits and JavaScript malware.

Recommendations

For versions prior to 2020 06 002, update to version 2020 06 002 or later to resolve the issue. As a temporary workaround, consider restricting access to the Kurskatalog page or avoiding the use of the "Kurs suchen" search field until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-26584

Affected Products

Sage Dpw