PT-2023-28019 · Grupposcai · Grupposcai Realgimm

Claudio Rimensi +2 · Published 2023-08-31 · Updated 2023-09-07 · CVE-2023-41642

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38

Description: Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.

Recommendations: For GruppoSCAI RealGimm version 1.1.37p38, consider disabling the ErroreNonGestito.aspx component or restricting access to it until a patch is available. Avoid using the VIEWSTATE parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-41642

Affected Products: Grupposcai Realgimm