CVE-2023-4710

Name of the Vulnerable Software and Affected Versions TOTVS RM version 12.1

Description A problematic vulnerability was found in the Portal component of TOTVS RM, where the manipulation of the argument d leads to cross-site scripting. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For TOTVS RM version 12.1, as a temporary workaround, consider restricting access to the Portal component to minimize the risk of exploitation. Avoid using the argument d until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.