PT-2020-17323 · Egavilan · Egavilan Media Expense Management System
Published 2020-12-15 · Updated 2020-12-17 · CVE-2020-35395
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
EGavilan Media Expense Management System version 1.0
Description
The issue allows an attacker to permanently store malicious JavaScript code via the description field in the Add Expense Component (stored cross-site scripting). The stored code then executes in the browser of any user who views the affected expense, potentially leading to unauthorized actions or data exposure.
Recommendations
For EGavilan Media Expense Management System version 1.0, validate and sanitize user input in the description field to prevent the storage of malicious JavaScript code. As a temporary workaround, restrict access to the Add Expense Component to minimize the risk of exploitation.
Exploit
Fix
XSS
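As an added illustration of the recommendation above (example code written for this page, not part of the advisory and not the EGavilan Media product's own code, which the advisory does not show): a Python rendering of the Add Expense description field that places the interpolation pattern responsible for a stored XSS next to its hardened form, together with an input validator and an audit helper for records already stored. The field names `description` and `amount`, the length limit, the sample records and all helper names are assumptions constructed for this example.

```python
import html
import re
import unicodedata

# Assumed column limit for the description field (constructed for this example).
MAX_DESCRIPTION_LEN = 255

# Constructed sample submissions to the Add Expense form; the second one
# carries the kind of script markup the advisory describes.
SAMPLE_EXPENSES = [
    {"description": "Taxi to client site", "amount": "42.50"},
    {"description": "<script>alert('xss')</script>", "amount": "10.00"},
    {"description": 'Lunch "Q4 review" & drinks', "amount": "88.00"},
]


def validate_description(text: str) -> str:
    """Input-side check for the description field.

    Normalises Unicode, rejects empty, over-long and control-character
    values. Markup is deliberately allowed through as plain text: validation
    limits what is stored, but the XSS is actually prevented by encoding
    at output time (see render_expense_row).
    """
    if not isinstance(text, str):
        raise ValueError("description must be a string")
    text = unicodedata.normalize("NFC", text).strip()
    if not text:
        raise ValueError("description must not be empty")
    if len(text) > MAX_DESCRIPTION_LEN:
        raise ValueError("description exceeds %d characters" % MAX_DESCRIPTION_LEN)
    if re.search(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]", text):
        raise ValueError("description contains control characters")
    return text


def render_expense_row_unsafe(expense: dict) -> str:
    """The pattern behind a stored XSS: the stored field is written into the
    HTML page unchanged, so a stored <script> tag is parsed as markup and
    runs in the browser of every user who views the expense list."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        expense["description"], expense["amount"])


def render_expense_row(expense: dict) -> str:
    """Hardened rendering: every stored value is HTML-encoded at the point
    it is written into an HTML text context, so '<', '>', '&' and quotes
    reach the browser as character references, never as markup."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(expense["description"], quote=True),
        html.escape(str(expense["amount"]), quote=True))


def audit_stored_descriptions(rows) -> list:
    """Defender-side triage for an already-deployed instance: list stored
    descriptions containing markup-significant characters so they can be
    reviewed once the rendering fix is in place."""
    return [r["description"] for r in rows if re.search(r"[<>]", r["description"])]


if __name__ == "__main__":
    for row in SAMPLE_EXPENSES:
        print("unsafe :", render_expense_row_unsafe(row))
        print("encoded:", render_expense_row(row))
    print("flagged:", audit_stored_descriptions(SAMPLE_EXPENSES))
```

The encoder used here is correct only for an HTML text context (element content and quoted attribute values); a description that is later placed inside a JavaScript string, a URL or an unquoted attribute needs the encoder for that context instead, which is why the validator does not try to strip tags and the fix is applied where the value is rendered.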
Weakness Enumeration
Related Identifiers
Affected Products
Egavilan Media Expense Management System