PT-2020-17100 · Ericsson · Ericsson Bscs Ix

Aamir Rehman · Published 2020-11-27 · Updated 2020-12-04 · CVE-2020-29145

CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Ericsson BSCS iX R18 Billing & Rating iX R18

Description: The issue is a stored XSS vulnerability in the ADMX web-based module, specifically via the name or description field of the Access Rights Group in the solutionUnitServlet?SuName=UserReferenceDataSU endpoint. Because the payload is stored, it executes in the browser of every user who later views the affected record. This can lead to session hijacking and full account takeover, or to exploitation of administrators' browsers using the BeEF framework.

Recommendations: For Ericsson BSCS iX R18 Billing & Rating iX R18, consider disabling access to the vulnerable solutionUnitServlet endpoint until a fix is available, and restrict input for the name and description fields to prevent XSS attacks.
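Added here as an illustration, not code from Ericsson or from this advisory: a defender-side treatment of the two fields the advisory names. It applies an allow-list validator on input, HTML output encoding on display, and an audit over already-stored Access Rights Group records, since a stored XSS payload persists in the data until it is found. The field limits and the sample records are assumptions.

```python
import html
import re

# Assumed allow-lists for the Access Rights Group fields; the advisory does
# not state the product's real limits, so these are illustrative.
FIELD_RULES = {
    "name": re.compile(r"^[A-Za-z0-9 _\-\.]{1,64}$"),
    "description": re.compile(r"^[A-Za-z0-9 _\-\.,;:()]{0,255}$"),
}

# Cheap hints that a stored value carries HTML/JS markup: a tag opener,
# a javascript: URL, or an on*= event handler attribute.
MARKUP_HINTS = re.compile(r"<\s*/?\s*[a-z]|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def validate_field(field, value):
    """Input restriction: True only if the value matches the field's allow-list."""
    return bool(FIELD_RULES[field].fullmatch(value))


def encode_for_html(value):
    """Output encoding: escape the value before it is placed into an HTML page."""
    return html.escape(value, quote=True)


def audit_records(records):
    """Return (id, field, value) for stored records whose name/description
    look like markup or fail the allow-list, so they can be cleaned up."""
    findings = []
    for rec in records:
        for field in ("name", "description"):
            value = rec.get(field, "")
            if MARKUP_HINTS.search(value) or not validate_field(field, value):
                findings.append((rec["id"], field, value))
    return findings


# Constructed sample records (hypothetical, not data from the product).
SAMPLE_RECORDS = [
    {"id": 1, "name": "Billing Operators", "description": "Read access to rating tables"},
    {"id": 2, "name": "Auditors", "description": "<img src=x onerror=alert(1)>"},
    {"id": 3, "name": "<script>alert(1)</script>", "description": "Test group"},
]

if __name__ == "__main__":
    for rec_id, field, value in audit_records(SAMPLE_RECORDS):
        print(f"record {rec_id}: suspicious {field} -> {encode_for_html(value)}")
```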

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers: CVE-2020-29145

Affected Products: Ericsson Bscs Ix