CVE-2023-31298

Name of the Vulnerable Software and Affected Versions Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6

Description The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user. This is a Cross Site Scripting (XSS) vulnerability.

Recommendations For Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6, consider disabling the creation of new system users until a patch is available to prevent exploitation via the User ID field. Avoid using the User ID field in the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.