PT-2020-16653 · Konzept Ix · Konzept-Ix Publixone

Marius Schwarz · Published 2020-10-27 · Updated 2020-10-27 · CVE-2020-27182

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

konzept-ix publiXone versions prior to 2020.015

Description

The issue allows remote attackers to inject arbitrary JavaScript or HTML, which can be achieved via several endpoints, including "appletError.jsp", "job jacket detail.jsp", "ixedit/editor component.jsp", or the "login form".

Recommendations

For versions prior to 2020.015, update to version 2020.015 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected endpoints, such as "appletError.jsp", "job jacket detail.jsp", "ixedit/editor component.jsp", and the login form, until a patch is applied.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-27182

Affected Products

Konzept-Ix Publixone