PT-2022-11611 · Unknown · Ctrlo Lenio
Published: 2022-12-18 · Updated: 2022-12-22 · CVE-2021-4255
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ctrlo lenio (affected versions not specified)
Description
A vulnerability was found in ctrlo lenio and classified as problematic. It affects some unknown functionality of the file views/contractor.tt. The manipulation of the contractor.name argument leads to cross-site scripting. The attack may be launched remotely.
Recommendations
It is recommended to apply a patch to fix this issue. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. As a temporary workaround, consider restricting the manipulation of the contractor.name argument to minimize the risk of exploitation.
Fix
Improper Neutralization
Weakness Enumeration
Related Identifiers
Affected Products
Ctrlo Lenio