CVE-2019-14478

Name of the Vulnerable Software and Affected Versions: AdRem NetCrunch version 10.6.0.4587

Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user, allowing an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose Display Name contains an XSS payload.

Recommendations: For AdRem NetCrunch version 10.6.0.4587, consider restricting the use of the NetCrunch web client until a patch is available, and ensure that user input data is properly encoded to prevent XSS attacks. As a temporary workaround, avoid using the Display Name field for nodes that may contain potentially malicious input.