PT-2021-10342 · Medintux · Medintux

Emreovunc · Published 2021-01-20 · Updated 2021-01-22 · CVE-2020-19361

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Medintux version 2.16.000
Description: The issue is related to Reflected XSS in Medintux, where an attacker can manipulate the mot1 parameter in CCAM.php to perform malicious actions on users who open a maliciously crafted link or third-party web page.
Recommendations: For Medintux version 2.16.000, consider restricting access to the CCAM.php page or disabling the manipulation of the mot1 parameter until a patch is available. As a temporary workaround, avoid using the mot1 parameter in the affected page to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-19361

Affected Products

Medintux