PT-2023-13469 · Tcman Gim · Tcman Gim
Jorge Alberto Palma Reyes +1
Published 2023-10-04 · Updated 2023-10-06 · CVE-2022-36277
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
TCMAN GIM version 8.0.1
Description
The issue concerns the sReferencia, sDescripcion, txtCodigo, and txtDescripcion parameters in the "frmGestionStock.aspx" and "frmEditServicio.aspx" files, which could allow an attacker to perform persistent XSS attacks.
Recommendations
For TCMAN GIM version 8.0.1, consider restricting or sanitizing the input for the sReferencia, sDescripcion, txtCodigo, and txtDescripcion parameters in the affected files to prevent XSS attacks. As a temporary workaround, restrict access to the frmGestionStock.aspx and frmEditServicio.aspx files until a patch is available.
Fix
XSS
Affected Products
Tcman Gim
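
The input restriction suggested under Recommendations can be applied in front of the two pages without changing the application's own code, for instance with an ASP.NET HTTP module. The following is an added example, not TCMAN's code and not part of the original advisory; the class name GimInputFilterModule, the character allowlist, the 200-character limit, and the premise that the fields arrive as form or query-string values whose names end with the advisory's parameter names are assumptions.

```csharp
using System;
using System.Collections.Specialized;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web;

// Added example (hypothetical module): interim input filter for the two affected pages.
// Assumption: WebForms may prefix control names (e.g. "ctl00$...$txtCodigo"),
// so keys are matched by suffix against the parameter names from the advisory.
public sealed class GimInputFilterModule : IHttpModule
{
    private static readonly string[] Pages = { "frmGestionStock.aspx", "frmEditServicio.aspx" };
    private static readonly string[] Fields = { "sReferencia", "sDescripcion", "txtCodigo", "txtDescripcion" };
    // Assumed allowlist: letters, digits, whitespace, basic punctuation; no < > " ' & characters.
    private static readonly Regex Allowed = new Regex(@"^[\p{L}\p{N}\s.,;:_/()#+-]{0,200}$");

    public void Init(HttpApplication app) { app.BeginRequest += OnBeginRequest; }
    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        // FilePath excludes trailing path info, so "/page.aspx/extra" is still matched.
        string file = ctx.Request.FilePath;
        if (!Pages.Any(p => file.EndsWith("/" + p, StringComparison.OrdinalIgnoreCase)))
            return;

        // Unvalidated avoids a request-validation exception while the values are inspected.
        UnvalidatedRequestValues raw = ctx.Request.Unvalidated;
        if (HasBadValue(raw.Form) || HasBadValue(raw.QueryString))
        {
            ctx.Response.StatusCode = 400;              // reject instead of storing the value
            ctx.ApplicationInstance.CompleteRequest();
        }
    }

    // True when any value of a watched field falls outside the allowlist.
    public static bool HasBadValue(NameValueCollection values)
    {
        foreach (string key in values.AllKeys)
        {
            if (key == null || !Fields.Any(f => key.EndsWith(f, StringComparison.OrdinalIgnoreCase)))
                continue;
            foreach (string v in values.GetValues(key) ?? new string[0])
                if (!Allowed.IsMatch(v)) return true;
        }
        return false;
    }
}
```

The module is registered under system.webServer/modules in web.config and needs .NET Framework 4.5 or later for Request.Unvalidated.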