PT-2023-23285 · Unknown · Sesami Cash Point & Transport Optimizer

Marcus Nilsson

Published

2023-12-28

Updated

2024-01-08

CVE-2023-31299

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6

Description The issue allows remote attackers to execute arbitrary code via the Barcode field of a container. This is a Cross Site Scripting (XSS) vulnerability.

Recommendations For Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6, consider disabling the Barcode field functionality until a patch is available to prevent exploitation. Restrict access to the container's Barcode field to minimize the risk of arbitrary code execution. Avoid using the Barcode field in the affected container until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-31299

Affected Products

Sesami Cash Point & Transport Optimizer

PT-2023-23285 · Unknown · Sesami Cash Point & Transport Optimizer

CVE-2023-31299

Weakness Enumeration

Related Identifiers

Affected Products

References · 8