PT-2020-20429 · Arvato · Arvato Skillpipe
Published: 2020-02-16 · Updated: 2022-01-01 · CVE-2020-9013
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Arvato Skillpipe version 3.0
Description
The issue allows attackers to bypass intended print restrictions. This is achieved by modifying the HTML source code, specifically by deleting the element.
Recommendations
For Arvato Skillpipe version 3.0, consider implementing proper input validation and sanitization to prevent modification of the HTML source code, specifically protecting the watermark div element from deletion. As a temporary workaround, restrict access to the HTML source code editing functionality to minimize the risk of exploitation.
Affected Products
Arvato Skillpipe