PT-2020-20675 · Octech · Oempro

Guilherme Rubert · Published 2020-04-14 · Updated 2020-04-14 · CVE-2020-9461

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Octech Oempro versions 4.7 through 4.11

Description: The issue allows stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.

Recommendations: For versions 4.7 through 4.11, consider restricting access to the Media.CreateFolder command until a fix is available, and avoid using the FolderName parameter in this command to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2020-9461

Affected Products: Oempro