PT-2020-16910 · Audimex · Audimexee

Gianluca Palma · Published 2020-11-05 · Updated 2020-11-10 · CVE-2020-28047

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: AudimexEE versions prior to 14.1.1

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the 'action', 'cargo' and 'panel' parameters, potentially leading to data leakage. This occurs when the recommended security configuration parameter "unique error numbers" is not set.

Recommendations: For versions prior to 14.1.1, set the recommended security configuration parameter "unique error numbers" to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the action, cargo and panel parameters in the affected API endpoints until a patch is available. Update to version 14.1.1 or later to fully resolve the issue.
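A defender-side check for the parameters named above, as an added example that is not part of this advisory or of AudimexEE: it scans access-log lines for 'action', 'cargo' or 'panel' values carrying HTML markup, and shows the output-encoding that any error page echoing such a value needs. The log lines and the request path are constructed for illustration; the advisory does not specify the exact reflection point in the product.

```python
"""Detection and mitigation helpers around the 'action', 'cargo' and
'panel' parameters of CVE-2020-28047. Added example, not vendor code.
The access-log lines and the '/audimex/api' path below are constructed."""
import html
import re
from urllib.parse import urlsplit, parse_qs

WATCHED_PARAMS = ("action", "cargo", "panel")
# Tokens that only become dangerous when a value is reflected into HTML unescaped.
MARKUP_RE = re.compile(r"[<>\"']|javascript:|on\w+\s*=", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed Apache-combined style log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [05/Nov/2020:10:01:02 +0000] "GET /audimex/api?action=list&cargo=12&panel=main HTTP/1.1" 200 512
10.0.0.7 - - [05/Nov/2020:10:01:09 +0000] "GET /audimex/api?action=%3Cb%3Ex%3C%2Fb%3E&panel=main HTTP/1.1" 500 210
10.0.0.9 - - [05/Nov/2020:10:02:30 +0000] "GET /audimex/api?cargo=7&panel=a%22%20onmouseover%3Dalert(1) HTTP/1.1" 500 198
"""


def watched_values(url: str) -> dict:
    """Return the percent-decoded values of the watched parameters in a request URL."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {p: qs[p] for p in WATCHED_PARAMS if p in qs}


def scan_log(text: str) -> list:
    """Return (line number, parameter, decoded value) for every watched value that carries markup."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for param, values in watched_values(m.group(1)).items():
            for value in values:
                if MARKUP_RE.search(value):
                    hits.append((n, param, value))
    return hits


def render_error(param: str, value: str) -> str:
    """Mitigation side: an error message that echoes a parameter must HTML-escape it."""
    return "<p>Invalid value for %s: %s</p>" % (html.escape(param), html.escape(value, quote=True))


if __name__ == "__main__":
    for n, param, value in scan_log(SAMPLE_LOG):
        print("line %d: %s=%r" % (n, param, value))
```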

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers: CVE-2020-28047

Affected Products: Audimexee