CVE-2020-36634

Name of the Vulnerable Software and Affected Versions Indeed Engineering util versions up to 1.0.33

Description A problematic vulnerability has been found, affecting the function visit/appendTo of the file varexport/src/main/java/com/indeed/util/varexport/servlet/ViewExportedVariablesServlet.java. This vulnerability leads to cross-site scripting and can be launched remotely.

Recommendations Upgrading to version 1.0.34 is able to address this issue. It is recommended to upgrade the affected component. As a temporary workaround, consider disabling the visit/appendTo function until a patch is available.