CVE-2021-41557

Name of the Vulnerable Software and Affected Versions Sofico Miles RIA version 2020.2 Build 127964T

Description The issue allows an attacker with access to a user account of the RIA IT or the Fleet role to create a crafted work order in the damage reports section, or change existing work orders, which can lead to Stored Cross Site Scripting (XSS). The XSS payload is embedded in the work order number.

Recommendations For Sofico Miles RIA version 2020.2 Build 127964T, consider restricting access to the damage reports section to minimize the risk of exploitation. Avoid using crafted work orders until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.