PT-2020-17099 · Ericsson · Ericsson BSCS iX

Aamir Rehman · Published 2020-11-27 · Updated 2020-12-04 · CVE-2020-29144

CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Ericsson BSCS iX R18 Billing & Rating iX R18

Description: The issue concerns a stored XSS vulnerability in the MX web-based module of Ericsson BSCS iX, specifically via an Alert Dashboard comment. This vulnerability can potentially lead to session hijacking, allowing full account takeover. It may additionally allow exploitation of administrators' browsers using the BeEF framework.

Recommendations: For Ericsson BSCS iX R18 Billing & Rating iX R18, consider disabling the Alert Dashboard comment feature in the MX module until a patch is available, to prevent exploitation of the stored XSS vulnerability. Restrict access to the MX module to minimize the risk of session hijacking and subsequent account takeover. Avoid using the Alert Dashboard comment feature in the affected module until the issue is resolved.


Related Identifiers: CVE-2020-29144

Affected Products: Ericsson BSCS iX