PT-2023-23288 · Unknown · Sesami Cash Point & Transport Optimizer
Marcus Nilsson
·
Published
2023-12-28
·
Updated
2024-01-04
·
CVE-2023-31301
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6
Description
The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the
Username field of the login form and application log. This is a Stored Cross Site Scripting (XSS) issue.Recommendations
For Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6, consider disabling the login form's
Username field until a patch is available to prevent exploitation. Restrict access to the application log to minimize the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this issue.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sesami Cash Point & Transport Optimizer