CVE-2023-4709

Name of the Vulnerable Software and Affected Versions TOTVS RM version 12.1

Description A problematic vulnerability has been found in the Portal component of TOTVS RM, specifically in the Login.aspx file. The issue arises from the manipulation of the VIEWSTATE argument, leading to cross-site scripting. This vulnerability can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For TOTVS RM version 12.1, as a temporary workaround, consider restricting access to the Login.aspx file or disabling the manipulation of the VIEWSTATE argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.