PT-2023-15704 · Mapos · Mapos
Enferas
·
Published
2023-02-16
·
Updated
2025-03-19
·
CVE-2022-48326
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mapos version 4.39.0
Description
Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos allow attackers to execute arbitrary code. The issue affects various parameters, including
nome, aCliente, eCliente, dCliente, vCliente, aProduto, eProduto, dProduto, vProduto, aServico, eServico, dServico, vServico, aOs, eOs, dOs, vOs, aVenda, eVenda, dVenda, vVenda, aGarantia, eGarantia, dGarantia, vGarantia, aArquivo, eArquivo, dArquivo, vArquivo, aPagamento, ePagamento, dPagamento, vPagamento, aLancamento, eLancamento, dLancamento, vLancamento, cUsuario, cEmitente, cPermissao, cBackup, cAuditoria, cEmail, cSistema, rCliente, rProduto, rServico, rOs, rVenda, rFinanceiro, aCobranca, eCobranca, dCobranca, vCobranca, situacao, idPermissao, id, precoCompra, precoVenda, descricao, unidade, estoque, estoqueMinimo, idProdutos, id, and estoqueAtual in files application/controllers/Permissoes.php and application/controllers/Produtos.php.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mapos