CVE-2020-27262

Name of the Vulnerable Software and Affected Versions: Innokas Yhtymä Oy Vital Signs Monitor VC150 versions prior to 1.7.15

Description: A stored cross-site scripting issue exists in the affected product, allowing an attacker to inject arbitrary web script or HTML via the filename parameter to multiple update endpoints of the administrative web interface.

Recommendations: For versions prior to 1.7.15, update to version 1.7.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative web interface to minimize the risk of exploitation. Avoid using the filename parameter in the affected update endpoints until the issue is resolved.