CVE-2020-6876

Name of the Vulnerable Software and Affected Versions eVDC ZXCLOUD-iROSV6.03.04

Description The issue is caused by the lack of correct verification of client data in the WEB module, allowing a remote attacker to trigger an XSS attack by inserting malicious scripts into the web module. This could lead to the theft of user cookies or destruction of the page structure when the user browses the web page.

Recommendations For eVDC ZXCLOUD-iROSV6.03.04, consider disabling the WEB module temporarily until a patch is available to prevent exploitation. Restrict access to the WEB module to minimize the risk of XSS attacks. Avoid using the WEB module for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.