CVE-2020-26885

Name of the Vulnerable Software and Affected Versions: 2sic 2sxc versions prior to 11.22

Description: An issue was discovered that allows an attacker to craft a malicious URL, exploiting a XSS vulnerability in the sxcver parameter of "dnn/ui.html", which executes a JavaScript payload in a victim's browser.

Recommendations: For versions prior to 11.22, update to version 11.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the "dnn/ui.html" endpoint to minimize the risk of exploitation. Avoid using the sxcver parameter in the affected endpoint until the issue is resolved.