CVE-2022-45890

Name of the Vulnerable Software and Affected Versions Planet eStream versions prior to 6.72.10.07

Description A Reflected Cross-Site Scripting (XSS) issue exists via any metadata filter field, for example, when searching within Default.aspx using the r or fo parameter. This allows for malicious scripts to be reflected off the server, potentially leading to the execution of unwanted actions on the client-side.

Recommendations For versions prior to 6.72.10.07, update to version 6.72.10.07 or later to resolve the issue. As a temporary workaround, consider restricting access to metadata filter fields or disabling the search functionality within Default.aspx until the update can be applied. Avoid using the r or fo parameters in the Default.aspx search function until the issue is resolved.