PT-2022-4411 · Bpc · Bpc Smartvista

Tf1T

Published: 2022-07-07
Updated: 2022-08-22

CVE-2022-35554

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: BPC SmartVista version 3.28.0

Description: The issue concerns reflected XSS vulnerabilities in error message handling, allowing an attacker to execute JavaScript code on the client side. Additionally, there is a vulnerability in the SmartVista CardGen personalization module due to inadequate protection of the web page structure, which can be exploited for cross-site scripting (XSS) attacks.

Recommendations: For BPC SmartVista version 3.28.0, consider disabling the error message handling feature until a patch is available, to prevent exploitation of the reflected XSS vulnerability. Restrict access to the SmartVista CardGen personalization module to minimize the risk of XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit: XSS

Related Identifiers

BDU:2022-05275
CVE-2022-35554

Affected Products

Bpc Smartvista